From sle-container-updates at lists.suse.com Tue Dec 2 08:05:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:05:04 +0100 (CET) Subject: SUSE-IU-2025:3800-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251202080504.365C8FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3800-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.104 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.104 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 528 Released: Mon Dec 1 09:45:21 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-30-11.1 updated - kmod-30-11.1 updated - container:SL-Micro-base-container-2.1.3-7.70 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:08:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:08:49 +0100 (CET) Subject: SUSE-IU-2025:3803-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20251202080849.6596AFBA1@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3803-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.106 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.106 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 528 Released: Mon Dec 1 09:45:21 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-30-11.1 updated - kmod-30-11.1 updated - container:SL-Micro-container-2.1.3-6.104 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:11:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:11:19 +0100 (CET) Subject: SUSE-CU-2025:8725-1: Recommended update of suse/sl-micro/6.0/toolbox Message-ID: <20251202081119.7BA0FFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8725-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.48 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.48 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 528 Released: Mon Dec 1 09:45:21 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-30-11.1 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:06:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:06:23 +0100 (CET) Subject: SUSE-IU-2025:3801-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20251202080623.55FBEFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3801-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.70 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.70 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 528 Released: Mon Dec 1 09:45:21 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-30-11.1 updated - kmod-30-11.1 updated - container:suse-toolbox-image-1.0.0-9.48 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:12:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:12:57 +0100 (CET) Subject: SUSE-IU-2025:3805-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20251202081257.244F3FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3805-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.55 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.55 Severity : important Type : recommended References : 1237147 1241938 1243106 1253741 CVE-2025-22247 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 345 Released: Mon Dec 1 09:58:15 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1237147,1241938,1243106,1253741,CVE-2025-22247 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-32-slfo.1.1_2.1 updated - kmod-32-slfo.1.1_2.1 updated - container:suse-toolbox-image-1.0.0-4.90 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:13:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:13:52 +0100 (CET) Subject: SUSE-IU-2025:3806-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251202081352.76105FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3806-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.57 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.57 Severity : important Type : recommended References : 1237147 1241938 1243106 1253741 CVE-2025-22247 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 345 Released: Mon Dec 1 09:58:15 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1237147,1241938,1243106,1253741,CVE-2025-22247 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-32-slfo.1.1_2.1 updated - kmod-32-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.1-5.55 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:14:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:14:49 +0100 (CET) Subject: SUSE-IU-2025:3807-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251202081449.88ABEFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3807-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.46 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.46 Severity : important Type : recommended References : 1237147 1241938 1243106 1253741 CVE-2025-22247 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 345 Released: Mon Dec 1 09:58:15 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1237147,1241938,1243106,1253741,CVE-2025-22247 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-32-slfo.1.1_2.1 updated - kmod-32-slfo.1.1_2.1 updated - container:SL-Micro-container-2.2.1-7.33 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:07:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:07:32 +0100 (CET) Subject: SUSE-IU-2025:3802-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20251202080732.2068FFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3802-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.92 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.92 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 528 Released: Mon Dec 1 09:45:21 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-30-11.1 updated - kmod-30-11.1 updated - container:SL-Micro-base-container-2.1.3-7.70 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:28:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:28:22 +0100 (CET) Subject: SUSE-CU-2025:8742-1: Security update of bci/gcc Message-ID: <20251202082822.22B86FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8742-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-15.10 , bci/gcc:latest Container Release : 15.10 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:28:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:28:48 +0100 (CET) Subject: SUSE-CU-2025:8743-1: Security update of bci/golang Message-ID: <20251202082848.8050BFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8743-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.7-openssl , bci/golang:1.24.7-openssl-79.10 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-79.10 Container Release : 79.10 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:29:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:29:16 +0100 (CET) Subject: SUSE-CU-2025:8744-1: Security update of bci/golang Message-ID: <20251202082916.B7B98FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8744-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.3 , bci/golang:1.25.3-1.76.10 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.76.10 Container Release : 76.10 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:29:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:29:40 +0100 (CET) Subject: SUSE-CU-2025:8745-1: Security update of bci/golang Message-ID: <20251202082940.03F69FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8745-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-79.10 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-79.10 Container Release : 79.10 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:30:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:30:09 +0100 (CET) Subject: SUSE-CU-2025:8746-1: Recommended update of bci/bci-init Message-ID: <20251202083009.1C470FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8746-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-47.7 , bci/bci-init:latest Container Release : 47.7 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-29-150600.13.3.1 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:30:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:30:10 +0100 (CET) Subject: SUSE-CU-2025:8747-1: Security update of bci/bci-init Message-ID: <20251202083010.3B2DEFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8747-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-47.8 , bci/bci-init:latest Container Release : 47.8 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:30:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:30:51 +0100 (CET) Subject: SUSE-CU-2025:8749-1: Security update of suse/nginx Message-ID: <20251202083051.3EB59FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8749-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-68.1 , suse/nginx:latest Container Release : 68.1 Severity : important Type : security References : 1154884 1154887 1180138 1197771 1229655 1230111 1233529 1245309 1245310 1245311 1245314 1246974 1247498 1249375 1251264 1253757 CVE-2019-12290 CVE-2019-18224 CVE-2025-11563 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5372 CVE-2025-8114 CVE-2025-8277 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2301-1 Released: Mon Jul 14 11:48:57 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1229655 This update for cyrus-sasl fixes the following issues: - Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097) - Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libldap-data-2.4.46-150600.23.21 added - libnghttp2-14-1.64.0-150700.1.5 added - libsasl2-3-2.1.28-150600.7.14.1 added - libssh-config-0.9.8-150600.11.6.1 added - libunistring2-0.9.10-1.1 added - libzstd1-1.5.7-150700.1.2 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libldap-2_4-2-2.4.46-150600.23.21 added - libssh4-0.9.8-150600.11.6.1 added - libcurl4-8.14.1-150700.7.5.1 added - curl-8.14.1-150700.7.5.1 added - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:32:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:32:53 +0100 (CET) Subject: SUSE-CU-2025:8754-1: Recommended update of suse/pcp Message-ID: <20251202083253.929D6FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8754-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-68.11 , suse/pcp:latest Container Release : 68.11 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-29-150600.13.3.1 updated - container:bci-bci-init-15.7-a38f15e93497293f8f33c0b3fc217fe209a49db20c2a381e906f53b8b0767add-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:32:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:32:54 +0100 (CET) Subject: SUSE-CU-2025:8755-1: Security update of suse/pcp Message-ID: <20251202083254.B61C3FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8755-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-68.12 , suse/pcp:latest Container Release : 68.12 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - container:bci-bci-init-15.7-052caddf52eb187ba3366b239fdcfd4362daf54eaf8f9f0762905978cc3aca18-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:33:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:33:19 +0100 (CET) Subject: SUSE-CU-2025:8756-1: Security update of bci/php-apache Message-ID: <20251202083319.CDDB2FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8756-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-17.3 , bci/php-apache:latest Container Release : 17.3 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:33:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:33:39 +0100 (CET) Subject: SUSE-CU-2025:8757-1: Security update of bci/php-fpm Message-ID: <20251202083339.C50CCFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8757-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-17.3 , bci/php-fpm:latest Container Release : 17.3 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:34:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:34:00 +0100 (CET) Subject: SUSE-CU-2025:8758-1: Security update of bci/php Message-ID: <20251202083400.DCC5AFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8758-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-17.3 , bci/php:latest Container Release : 17.3 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 08:34:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 09:34:24 +0100 (CET) Subject: SUSE-CU-2025:8759-1: Security update of bci/python Message-ID: <20251202083424.F28D9FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8759-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.14 , bci/python:3.11.14-78.10 Container Release : 78.10 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:08:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:08:52 +0100 (CET) Subject: SUSE-CU-2025:8759-1: Security update of bci/python Message-ID: <20251202100852.EE88EFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8759-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.14 , bci/python:3.11.14-78.10 Container Release : 78.10 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:09:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:09:13 +0100 (CET) Subject: SUSE-CU-2025:8763-1: Security update of bci/python Message-ID: <20251202100913.81AA6FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8763-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.9 , bci/python:3.13.9-80.10 , bci/python:latest Container Release : 80.10 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:09:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:09:31 +0100 (CET) Subject: SUSE-CU-2025:8764-1: Security update of bci/python Message-ID: <20251202100931.10D54FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8764-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-77.9 Container Release : 77.9 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:10:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:10:03 +0100 (CET) Subject: SUSE-CU-2025:8766-1: Security update of bci/ruby Message-ID: <20251202101003.97674FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8766-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-19.11 Container Release : 19.11 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:10:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:10:23 +0100 (CET) Subject: SUSE-CU-2025:8767-1: Security update of bci/ruby Message-ID: <20251202101023.ADF42FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8767-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-18.10 , bci/ruby:latest Container Release : 18.10 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:10:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:10:37 +0100 (CET) Subject: SUSE-CU-2025:8768-1: Security update of bci/rust Message-ID: <20251202101037.0FDC1FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8768-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-2.2.4 , bci/rust:oldstable , bci/rust:oldstable-2.2.4 Container Release : 2.4 Severity : moderate Type : security References : 1249055 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:10:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:10:53 +0100 (CET) Subject: SUSE-CU-2025:8769-1: Security update of bci/rust Message-ID: <20251202101053.8BDE1FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8769-1 Container Tags : bci/rust:1.91 , bci/rust:1.91.0 , bci/rust:1.91.0-1.2.4 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.4 Container Release : 2.4 Severity : moderate Type : security References : 1249055 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:11:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:11:12 +0100 (CET) Subject: SUSE-CU-2025:8770-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251202101113.00540FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8770-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-53.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 53.3 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - kmod-29-150600.13.3.1 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:11:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:11:13 +0100 (CET) Subject: SUSE-CU-2025:8771-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251202101113.BD020FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8771-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-53.4 , bci/bci-sle15-kernel-module-devel:latest Container Release : 53.4 Severity : moderate Type : security References : 1249055 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:11:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:11:27 +0100 (CET) Subject: SUSE-CU-2025:8772-1: Security update of suse/sle15 Message-ID: <20251202101127.CD63AFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8772-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.14.1 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.14.1 , suse/sle15:latest Container Release : 5.14.1 Severity : important Type : security References : 1231055 1249055 1252425 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - curl-8.14.1-150700.7.5.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated From sle-container-updates at lists.suse.com Tue Dec 2 10:11:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 11:11:51 +0100 (CET) Subject: SUSE-CU-2025:8773-1: Security update of bci/spack Message-ID: <20251202101151.48E6BFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8773-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-19.10 , bci/spack:latest Container Release : 19.10 Severity : moderate Type : security References : 1249055 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - libcurl-devel-8.14.1-150700.7.5.1 updated From sle-container-updates at lists.suse.com Tue Dec 2 11:37:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Dec 2025 12:37:37 +0100 (CET) Subject: SUSE-CU-2025:8775-1: Security update of bci/golang Message-ID: <20251202113737.36B30FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8775-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.10 , bci/golang:1.24.10-2.76.11 , bci/golang:oldstable , bci/golang:oldstable-2.76.11 Container Release : 76.11 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - container:registry.suse.com-bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Thu Dec 4 08:36:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Dec 2025 09:36:21 +0100 (CET) Subject: SUSE-CU-2025:8777-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251204083621.17333FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8777-1 Container Tags : suse/kiosk/firefox-esr:140.5 , suse/kiosk/firefox-esr:140.5-69.16 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.16 Severity : important Type : security References : 1254353 CVE-2025-58436 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4319-1 Released: Wed Dec 3 13:34:00 2025 Summary: Security update for cups Type: security Severity: important References: 1254353,CVE-2025-58436 This update for cups fixes the following issues: - The fix for CVE-2025-58436 causes a regression where GTK applications will hang. (bsc#1254353) See also https://github.com/OpenPrinting/cups/issues/1429 The fix has been temporary disabled. The following package changes have been done: - cups-config-2.2.7-150000.3.80.1 updated - libcups2-2.2.7-150000.3.80.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Thu Dec 4 08:36:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Dec 2025 09:36:36 +0100 (CET) Subject: SUSE-CU-2025:8778-1: Security update of suse/samba-server Message-ID: <20251204083636.204B5FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8778-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-69.10 , suse/samba-server:latest Container Release : 69.10 Severity : important Type : security References : 1254353 CVE-2025-58436 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4319-1 Released: Wed Dec 3 13:34:00 2025 Summary: Security update for cups Type: security Severity: important References: 1254353,CVE-2025-58436 This update for cups fixes the following issues: - The fix for CVE-2025-58436 causes a regression where GTK applications will hang. (bsc#1254353) See also https://github.com/OpenPrinting/cups/issues/1429 The fix has been temporary disabled. The following package changes have been done: - cups-config-2.2.7-150000.3.80.1 updated - libcups2-2.2.7-150000.3.80.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Fri Dec 5 08:05:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 5 Dec 2025 09:05:12 +0100 (CET) Subject: SUSE-IU-2025:3828-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251205080512.2BFD3FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3828-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.224 , suse/sle-micro/base-5.5:latest Image Release : 5.8.224 Severity : important Type : security References : 1065729 1205128 1206843 1206893 1207612 1207619 1210763 1211162 1211692 1213098 1213114 1213747 1214754 1214954 1214992 1215148 1217366 1236104 1242960 1245498 1245499 1246211 1247317 1248754 1249479 1249608 1249857 1249859 1249988 1250237 1250742 1250816 1250946 1251027 1251032 1251034 1251035 1251037 1251040 1251043 1251045 1251046 1251047 1251052 1251054 1251057 1251059 1251060 1251061 1251063 1251065 1251066 1251068 1251072 1251079 1251080 1251082 1251086 1251087 1251088 1251091 1251092 1251093 1251097 1251099 1251101 1251104 1251105 1251106 1251110 1251113 1251115 1251123 1251128 1251129 1251133 1251136 1251147 1251149 1251153 1251154 1251159 1251162 1251164 1251166 1251167 1251169 1251170 1251173 1251174 1251178 1251180 1251182 1251197 1251200 1251201 1251202 1251208 1251210 1251215 1251218 1251221 1251222 1251223 1251230 1251247 1251268 1251281 1251282 1251283 1251284 1251285 1251286 1251292 1251294 1251295 1251296 1251298 1251299 1251300 1251301 1251302 1251303 1251306 1251307 1251310 1251312 1251315 1251322 1251324 1251325 1251326 1251327 1251329 1251330 1251331 1251519 1251521 1251522 1251527 1251529 1251550 1251723 1251725 1251728 1251730 1251736 1251737 1251738 1251741 1251743 1251750 1251753 1251759 1251761 1251762 1251763 1251764 1251767 1251769 1251772 1251775 1251777 1251785 1251823 1251930 1251967 1252033 1252035 1252047 1252060 1252069 1252265 1252473 1252474 1252475 1252476 1252480 1252484 1252486 1252489 1252490 1252492 1252494 1252495 1252497 1252499 1252501 1252508 1252509 1252513 1252515 1252516 1252519 1252521 1252522 1252523 1252526 1252528 1252529 1252532 1252534 1252535 1252536 1252537 1252538 1252539 1252542 1252545 1252549 1252554 1252560 1252564 1252565 1252568 1252632 1252634 1252688 1252785 1252893 CVE-2022-43945 CVE-2022-50327 CVE-2022-50334 CVE-2022-50470 CVE-2022-50471 CVE-2022-50472 CVE-2022-50475 CVE-2022-50478 CVE-2022-50479 CVE-2022-50480 CVE-2022-50482 CVE-2022-50484 CVE-2022-50485 CVE-2022-50487 CVE-2022-50488 CVE-2022-50489 CVE-2022-50490 CVE-2022-50492 CVE-2022-50493 CVE-2022-50494 CVE-2022-50496 CVE-2022-50497 CVE-2022-50498 CVE-2022-50499 CVE-2022-50501 CVE-2022-50503 CVE-2022-50504 CVE-2022-50505 CVE-2022-50509 CVE-2022-50511 CVE-2022-50512 CVE-2022-50513 CVE-2022-50514 CVE-2022-50515 CVE-2022-50516 CVE-2022-50519 CVE-2022-50520 CVE-2022-50521 CVE-2022-50523 CVE-2022-50524 CVE-2022-50525 CVE-2022-50526 CVE-2022-50527 CVE-2022-50528 CVE-2022-50529 CVE-2022-50530 CVE-2022-50532 CVE-2022-50534 CVE-2022-50535 CVE-2022-50537 CVE-2022-50541 CVE-2022-50542 CVE-2022-50543 CVE-2022-50544 CVE-2022-50545 CVE-2022-50546 CVE-2022-50549 CVE-2022-50551 CVE-2022-50553 CVE-2022-50556 CVE-2022-50559 CVE-2022-50560 CVE-2022-50561 CVE-2022-50562 CVE-2022-50563 CVE-2022-50564 CVE-2022-50566 CVE-2022-50567 CVE-2022-50568 CVE-2022-50570 CVE-2022-50572 CVE-2022-50574 CVE-2022-50575 CVE-2022-50576 CVE-2022-50577 CVE-2022-50578 CVE-2022-50579 CVE-2022-50580 CVE-2022-50581 CVE-2022-50582 CVE-2023-52923 CVE-2023-53365 CVE-2023-53500 CVE-2023-53533 CVE-2023-53534 CVE-2023-53539 CVE-2023-53541 CVE-2023-53542 CVE-2023-53546 CVE-2023-53547 CVE-2023-53548 CVE-2023-53551 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53556 CVE-2023-53557 CVE-2023-53559 CVE-2023-53560 CVE-2023-53562 CVE-2023-53564 CVE-2023-53566 CVE-2023-53567 CVE-2023-53568 CVE-2023-53571 CVE-2023-53572 CVE-2023-53574 CVE-2023-53578 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53582 CVE-2023-53587 CVE-2023-53589 CVE-2023-53591 CVE-2023-53592 CVE-2023-53594 CVE-2023-53597 CVE-2023-53598 CVE-2023-53601 CVE-2023-53603 CVE-2023-53604 CVE-2023-53605 CVE-2023-53607 CVE-2023-53608 CVE-2023-53611 CVE-2023-53612 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53619 CVE-2023-53622 CVE-2023-53625 CVE-2023-53626 CVE-2023-53631 CVE-2023-53637 CVE-2023-53639 CVE-2023-53640 CVE-2023-53641 CVE-2023-53644 CVE-2023-53648 CVE-2023-53650 CVE-2023-53651 CVE-2023-53658 CVE-2023-53659 CVE-2023-53662 CVE-2023-53667 CVE-2023-53668 CVE-2023-53670 CVE-2023-53673 CVE-2023-53674 CVE-2023-53675 CVE-2023-53679 CVE-2023-53680 CVE-2023-53681 CVE-2023-53683 CVE-2023-53687 CVE-2023-53692 CVE-2023-53693 CVE-2023-53695 CVE-2023-53696 CVE-2023-53697 CVE-2023-53700 CVE-2023-53704 CVE-2023-53705 CVE-2023-53707 CVE-2023-53708 CVE-2023-53709 CVE-2023-53711 CVE-2023-53715 CVE-2023-53716 CVE-2023-53717 CVE-2023-53718 CVE-2023-53719 CVE-2023-53722 CVE-2023-53723 CVE-2023-53724 CVE-2023-53725 CVE-2023-53726 CVE-2023-53730 CVE-2023-7324 CVE-2025-37885 CVE-2025-38084 CVE-2025-38085 CVE-2025-38476 CVE-2025-39742 CVE-2025-39797 CVE-2025-39945 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-40018 CVE-2025-40044 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4320-1 Released: Thu Dec 4 11:04:15 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1205128,1206843,1206893,1207612,1207619,1210763,1211162,1211692,1213098,1213114,1213747,1214754,1214954,1214992,1215148,1217366,1236104,1242960,1245498,1245499,1246211,1247317,1248754,1249479,1249608,1249857,1249859,1249988,1250237,1250742,1250816,1250946,1251027,1251032,1251034,1251035,1251037,1251040,1251043,1251045,1251046,1251047,1251052,1251054,1251057,1251059,1251060,1251061,1251063,1251065,1251066,1251068,1251072,1251079,1251080,1251082,1251086,1251087,1251088,1251091,1251092,1251093,1251097,1251099,1251101,1251104,1251105,1251106,1251110,1251113,1251115,1251123,1251128,1251129,1251133,1251136,1251147,1251149,1251153,1251154,1251159,1251162,1251164,1251166,1251167,1251169,1251170,1251173,1251174,1251178,1251180,1251182,1251197,1251200,1251201,1251202,1251208,1251210,1251215,1251218,1251221,1251222,1251223,1251230,1251247,1251268,1251281,1251282,1251283,1251284,1251285,1251286,1251292,1251294,1251295,1251296,1251298,1251299,1251300,1251301,1251302,1251303,1 251306,1251307,1251310,1251312,1251315,1251322,1251324,1251325,1251326,1251327,1251329,1251330,1251331,1251519,1251521,1251522,1251527,1251529,1251550,1251723,1251725,1251728,1251730,1251736,1251737,1251738,1251741,1251743,1251750,1251753,1251759,1251761,1251762,1251763,1251764,1251767,1251769,1251772,1251775,1251777,1251785,1251823,1251930,1251967,1252033,1252035,1252047,1252060,1252069,1252265,1252473,1252474,1252475,1252476,1252480,1252484,1252486,1252489,1252490,1252492,1252494,1252495,1252497,1252499,1252501,1252508,1252509,1252513,1252515,1252516,1252519,1252521,1252522,1252523,1252526,1252528,1252529,1252532,1252534,1252535,1252536,1252537,1252538,1252539,1252542,1252545,1252549,1252554,1252560,1252564,1252565,1252568,1252632,1252634,1252688,1252785,1252893,CVE-2022-43945,CVE-2022-50327,CVE-2022-50334,CVE-2022-50470,CVE-2022-50471,CVE-2022-50472,CVE-2022-50475,CVE-2022-50478,CVE-2022-50479,CVE-2022-50480,CVE-2022-50482,CVE-2022-50484,CVE-2022-50485,CVE-2022-50487,CVE-2022-504 88,CVE-2022-50489,CVE-2022-50490,CVE-2022-50492,CVE-2022-50493,CVE-2022-50494,CVE-2022-50496,CVE-2022-50497,CVE-2022-50498,CVE-2022-50499,CVE-2022-50501,CVE-2022-50503,CVE-2022-50504,CVE-2022-50505,CVE-2022-50509,CVE-2022-50511,CVE-2022-50512,CVE-2022-50513,CVE-2022-50514,CVE-2022-50515,CVE-2022-50516,CVE-2022-50519,CVE-2022-50520,CVE-2022-50521,CVE-2022-50523,CVE-2022-50524,CVE-2022-50525,CVE-2022-50526,CVE-2022-50527,CVE-2022-50528,CVE-2022-50529,CVE-2022-50530,CVE-2022-50532,CVE-2022-50534,CVE-2022-50535,CVE-2022-50537,CVE-2022-50541,CVE-2022-50542,CVE-2022-50543,CVE-2022-50544,CVE-2022-50545,CVE-2022-50546,CVE-2022-50549,CVE-2022-50551,CVE-2022-50553,CVE-2022-50556,CVE-2022-50559,CVE-2022-50560,CVE-2022-50561,CVE-2022-50562,CVE-2022-50563,CVE-2022-50564,CVE-2022-50566,CVE-2022-50567,CVE-2022-50568,CVE-2022-50570,CVE-2022-50572,CVE-2022-50574,CVE-2022-50575,CVE-2022-50576,CVE-2022-50577,CVE-2022-50578,CVE-2022-50579,CVE-2022-50580,CVE-2022-50581,CVE-2022-50582,CVE-2023-52923,CVE- 2023-53365,CVE-2023-53500,CVE-2023-53533,CVE-2023-53534,CVE-2023-53539,CVE-2023-53541,CVE-2023-53542,CVE-2023-53546,CVE-2023-53547,CVE-2023-53548,CVE-2023-53551,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53556,CVE-2023-53557,CVE-2023-53559,CVE-2023-53560,CVE-2023-53562,CVE-2023-53564,CVE-2023-53566,CVE-2023-53567,CVE-2023-53568,CVE-2023-53571,CVE-2023-53572,CVE-2023-53574,CVE-2023-53578,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53582,CVE-2023-53587,CVE-2023-53589,CVE-2023-53591,CVE-2023-53592,CVE-2023-53594,CVE-2023-53597,CVE-2023-53598,CVE-2023-53601,CVE-2023-53603,CVE-2023-53604,CVE-2023-53605,CVE-2023-53607,CVE-2023-53608,CVE-2023-53611,CVE-2023-53612,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53619,CVE-2023-53622,CVE-2023-53625,CVE-2023-53626,CVE-2023-53631,CVE-2023-53637,CVE-2023-53639,CVE-2023-53640,CVE-2023-53641,CVE-2023-53644,CVE-2023-53648,CVE-2023-53650,CVE-2023-53651,CVE-2023-53658,CVE-2023-53659,CVE-2023-53662,CVE-2023-53667,CVE-2023-53 668,CVE-2023-53670,CVE-2023-53673,CVE-2023-53674,CVE-2023-53675,CVE-2023-53679,CVE-2023-53680,CVE-2023-53681,CVE-2023-53683,CVE-2023-53687,CVE-2023-53692,CVE-2023-53693,CVE-2023-53695,CVE-2023-53696,CVE-2023-53697,CVE-2023-53700,CVE-2023-53704,CVE-2023-53705,CVE-2023-53707,CVE-2023-53708,CVE-2023-53709,CVE-2023-53711,CVE-2023-53715,CVE-2023-53716,CVE-2023-53717,CVE-2023-53718,CVE-2023-53719,CVE-2023-53722,CVE-2023-53723,CVE-2023-53724,CVE-2023-53725,CVE-2023-53726,CVE-2023-53730,CVE-2023-7324,CVE-2025-37885,CVE-2025-38084,CVE-2025-38085,CVE-2025-38476,CVE-2025-39742,CVE-2025-39797,CVE-2025-39945,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-40018,CVE-2025-40044 The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859). - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857). - CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164). - CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741). - CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988). - CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816). - CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052). - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222). - CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743). - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763). - CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38084: hugetlb: unshare some PMDs when splitting VMAs (bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479). - CVE-2025-39797: xfrm: Duplicate SPI Handling (bsc#1249608). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39981: Bluetooth: MGMT: Fix possible UAFs (bsc#1252060). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785). The following non security issues were fixed: - NFS: remove revoked delegation from server's delegation list (bsc#1246211). - NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - fbcon: Fix OOB access in font allocation (bsc#1252033) - kabi fix for NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823). - net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265). - net: mana: Switch to page pool for jumbo frames (bsc#1248754). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946) The following package changes have been done: - kernel-default-5.14.21-150500.55.127.1 updated From sle-container-updates at lists.suse.com Fri Dec 5 08:06:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 5 Dec 2025 09:06:17 +0100 (CET) Subject: SUSE-IU-2025:3829-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20251205080617.B5DBEFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3829-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.429 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.429 Severity : important Type : security References : 1065729 1205128 1206843 1206893 1207612 1207619 1210763 1211162 1211692 1213098 1213114 1213747 1214754 1214954 1214992 1215148 1217366 1236104 1242960 1245498 1245499 1246211 1247317 1248754 1249479 1249608 1249857 1249859 1249988 1250237 1250742 1250816 1250946 1251027 1251032 1251034 1251035 1251037 1251040 1251043 1251045 1251046 1251047 1251052 1251054 1251057 1251059 1251060 1251061 1251063 1251065 1251066 1251068 1251072 1251079 1251080 1251082 1251086 1251087 1251088 1251091 1251092 1251093 1251097 1251099 1251101 1251104 1251105 1251106 1251110 1251113 1251115 1251123 1251128 1251129 1251133 1251136 1251147 1251149 1251153 1251154 1251159 1251162 1251164 1251166 1251167 1251169 1251170 1251173 1251174 1251178 1251180 1251182 1251197 1251200 1251201 1251202 1251208 1251210 1251215 1251218 1251221 1251222 1251223 1251230 1251247 1251268 1251281 1251282 1251283 1251284 1251285 1251286 1251292 1251294 1251295 1251296 1251298 1251299 1251300 1251301 1251302 1251303 1251306 1251307 1251310 1251312 1251315 1251322 1251324 1251325 1251326 1251327 1251329 1251330 1251331 1251519 1251521 1251522 1251527 1251529 1251550 1251723 1251725 1251728 1251730 1251736 1251737 1251738 1251741 1251743 1251750 1251753 1251759 1251761 1251762 1251763 1251764 1251767 1251769 1251772 1251775 1251777 1251785 1251823 1251930 1251967 1252033 1252035 1252047 1252060 1252069 1252265 1252473 1252474 1252475 1252476 1252480 1252484 1252486 1252489 1252490 1252492 1252494 1252495 1252497 1252499 1252501 1252508 1252509 1252513 1252515 1252516 1252519 1252521 1252522 1252523 1252526 1252528 1252529 1252532 1252534 1252535 1252536 1252537 1252538 1252539 1252542 1252545 1252549 1252554 1252560 1252564 1252565 1252568 1252632 1252634 1252688 1252785 1252893 CVE-2022-43945 CVE-2022-50327 CVE-2022-50334 CVE-2022-50470 CVE-2022-50471 CVE-2022-50472 CVE-2022-50475 CVE-2022-50478 CVE-2022-50479 CVE-2022-50480 CVE-2022-50482 CVE-2022-50484 CVE-2022-50485 CVE-2022-50487 CVE-2022-50488 CVE-2022-50489 CVE-2022-50490 CVE-2022-50492 CVE-2022-50493 CVE-2022-50494 CVE-2022-50496 CVE-2022-50497 CVE-2022-50498 CVE-2022-50499 CVE-2022-50501 CVE-2022-50503 CVE-2022-50504 CVE-2022-50505 CVE-2022-50509 CVE-2022-50511 CVE-2022-50512 CVE-2022-50513 CVE-2022-50514 CVE-2022-50515 CVE-2022-50516 CVE-2022-50519 CVE-2022-50520 CVE-2022-50521 CVE-2022-50523 CVE-2022-50524 CVE-2022-50525 CVE-2022-50526 CVE-2022-50527 CVE-2022-50528 CVE-2022-50529 CVE-2022-50530 CVE-2022-50532 CVE-2022-50534 CVE-2022-50535 CVE-2022-50537 CVE-2022-50541 CVE-2022-50542 CVE-2022-50543 CVE-2022-50544 CVE-2022-50545 CVE-2022-50546 CVE-2022-50549 CVE-2022-50551 CVE-2022-50553 CVE-2022-50556 CVE-2022-50559 CVE-2022-50560 CVE-2022-50561 CVE-2022-50562 CVE-2022-50563 CVE-2022-50564 CVE-2022-50566 CVE-2022-50567 CVE-2022-50568 CVE-2022-50570 CVE-2022-50572 CVE-2022-50574 CVE-2022-50575 CVE-2022-50576 CVE-2022-50577 CVE-2022-50578 CVE-2022-50579 CVE-2022-50580 CVE-2022-50581 CVE-2022-50582 CVE-2023-52923 CVE-2023-53365 CVE-2023-53500 CVE-2023-53533 CVE-2023-53534 CVE-2023-53539 CVE-2023-53541 CVE-2023-53542 CVE-2023-53546 CVE-2023-53547 CVE-2023-53548 CVE-2023-53551 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53556 CVE-2023-53557 CVE-2023-53559 CVE-2023-53560 CVE-2023-53562 CVE-2023-53564 CVE-2023-53566 CVE-2023-53567 CVE-2023-53568 CVE-2023-53571 CVE-2023-53572 CVE-2023-53574 CVE-2023-53578 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53582 CVE-2023-53587 CVE-2023-53589 CVE-2023-53591 CVE-2023-53592 CVE-2023-53594 CVE-2023-53597 CVE-2023-53598 CVE-2023-53601 CVE-2023-53603 CVE-2023-53604 CVE-2023-53605 CVE-2023-53607 CVE-2023-53608 CVE-2023-53611 CVE-2023-53612 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53619 CVE-2023-53622 CVE-2023-53625 CVE-2023-53626 CVE-2023-53631 CVE-2023-53637 CVE-2023-53639 CVE-2023-53640 CVE-2023-53641 CVE-2023-53644 CVE-2023-53648 CVE-2023-53650 CVE-2023-53651 CVE-2023-53658 CVE-2023-53659 CVE-2023-53662 CVE-2023-53667 CVE-2023-53668 CVE-2023-53670 CVE-2023-53673 CVE-2023-53674 CVE-2023-53675 CVE-2023-53679 CVE-2023-53680 CVE-2023-53681 CVE-2023-53683 CVE-2023-53687 CVE-2023-53692 CVE-2023-53693 CVE-2023-53695 CVE-2023-53696 CVE-2023-53697 CVE-2023-53700 CVE-2023-53704 CVE-2023-53705 CVE-2023-53707 CVE-2023-53708 CVE-2023-53709 CVE-2023-53711 CVE-2023-53715 CVE-2023-53716 CVE-2023-53717 CVE-2023-53718 CVE-2023-53719 CVE-2023-53722 CVE-2023-53723 CVE-2023-53724 CVE-2023-53725 CVE-2023-53726 CVE-2023-53730 CVE-2023-7324 CVE-2025-37885 CVE-2025-38084 CVE-2025-38085 CVE-2025-38476 CVE-2025-39742 CVE-2025-39797 CVE-2025-39945 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-40018 CVE-2025-40044 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4320-1 Released: Thu Dec 4 11:04:15 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1205128,1206843,1206893,1207612,1207619,1210763,1211162,1211692,1213098,1213114,1213747,1214754,1214954,1214992,1215148,1217366,1236104,1242960,1245498,1245499,1246211,1247317,1248754,1249479,1249608,1249857,1249859,1249988,1250237,1250742,1250816,1250946,1251027,1251032,1251034,1251035,1251037,1251040,1251043,1251045,1251046,1251047,1251052,1251054,1251057,1251059,1251060,1251061,1251063,1251065,1251066,1251068,1251072,1251079,1251080,1251082,1251086,1251087,1251088,1251091,1251092,1251093,1251097,1251099,1251101,1251104,1251105,1251106,1251110,1251113,1251115,1251123,1251128,1251129,1251133,1251136,1251147,1251149,1251153,1251154,1251159,1251162,1251164,1251166,1251167,1251169,1251170,1251173,1251174,1251178,1251180,1251182,1251197,1251200,1251201,1251202,1251208,1251210,1251215,1251218,1251221,1251222,1251223,1251230,1251247,1251268,1251281,1251282,1251283,1251284,1251285,1251286,1251292,1251294,1251295,1251296,1251298,1251299,1251300,1251301,1251302,1251303,1 251306,1251307,1251310,1251312,1251315,1251322,1251324,1251325,1251326,1251327,1251329,1251330,1251331,1251519,1251521,1251522,1251527,1251529,1251550,1251723,1251725,1251728,1251730,1251736,1251737,1251738,1251741,1251743,1251750,1251753,1251759,1251761,1251762,1251763,1251764,1251767,1251769,1251772,1251775,1251777,1251785,1251823,1251930,1251967,1252033,1252035,1252047,1252060,1252069,1252265,1252473,1252474,1252475,1252476,1252480,1252484,1252486,1252489,1252490,1252492,1252494,1252495,1252497,1252499,1252501,1252508,1252509,1252513,1252515,1252516,1252519,1252521,1252522,1252523,1252526,1252528,1252529,1252532,1252534,1252535,1252536,1252537,1252538,1252539,1252542,1252545,1252549,1252554,1252560,1252564,1252565,1252568,1252632,1252634,1252688,1252785,1252893,CVE-2022-43945,CVE-2022-50327,CVE-2022-50334,CVE-2022-50470,CVE-2022-50471,CVE-2022-50472,CVE-2022-50475,CVE-2022-50478,CVE-2022-50479,CVE-2022-50480,CVE-2022-50482,CVE-2022-50484,CVE-2022-50485,CVE-2022-50487,CVE-2022-504 88,CVE-2022-50489,CVE-2022-50490,CVE-2022-50492,CVE-2022-50493,CVE-2022-50494,CVE-2022-50496,CVE-2022-50497,CVE-2022-50498,CVE-2022-50499,CVE-2022-50501,CVE-2022-50503,CVE-2022-50504,CVE-2022-50505,CVE-2022-50509,CVE-2022-50511,CVE-2022-50512,CVE-2022-50513,CVE-2022-50514,CVE-2022-50515,CVE-2022-50516,CVE-2022-50519,CVE-2022-50520,CVE-2022-50521,CVE-2022-50523,CVE-2022-50524,CVE-2022-50525,CVE-2022-50526,CVE-2022-50527,CVE-2022-50528,CVE-2022-50529,CVE-2022-50530,CVE-2022-50532,CVE-2022-50534,CVE-2022-50535,CVE-2022-50537,CVE-2022-50541,CVE-2022-50542,CVE-2022-50543,CVE-2022-50544,CVE-2022-50545,CVE-2022-50546,CVE-2022-50549,CVE-2022-50551,CVE-2022-50553,CVE-2022-50556,CVE-2022-50559,CVE-2022-50560,CVE-2022-50561,CVE-2022-50562,CVE-2022-50563,CVE-2022-50564,CVE-2022-50566,CVE-2022-50567,CVE-2022-50568,CVE-2022-50570,CVE-2022-50572,CVE-2022-50574,CVE-2022-50575,CVE-2022-50576,CVE-2022-50577,CVE-2022-50578,CVE-2022-50579,CVE-2022-50580,CVE-2022-50581,CVE-2022-50582,CVE-2023-52923,CVE- 2023-53365,CVE-2023-53500,CVE-2023-53533,CVE-2023-53534,CVE-2023-53539,CVE-2023-53541,CVE-2023-53542,CVE-2023-53546,CVE-2023-53547,CVE-2023-53548,CVE-2023-53551,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53556,CVE-2023-53557,CVE-2023-53559,CVE-2023-53560,CVE-2023-53562,CVE-2023-53564,CVE-2023-53566,CVE-2023-53567,CVE-2023-53568,CVE-2023-53571,CVE-2023-53572,CVE-2023-53574,CVE-2023-53578,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53582,CVE-2023-53587,CVE-2023-53589,CVE-2023-53591,CVE-2023-53592,CVE-2023-53594,CVE-2023-53597,CVE-2023-53598,CVE-2023-53601,CVE-2023-53603,CVE-2023-53604,CVE-2023-53605,CVE-2023-53607,CVE-2023-53608,CVE-2023-53611,CVE-2023-53612,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53619,CVE-2023-53622,CVE-2023-53625,CVE-2023-53626,CVE-2023-53631,CVE-2023-53637,CVE-2023-53639,CVE-2023-53640,CVE-2023-53641,CVE-2023-53644,CVE-2023-53648,CVE-2023-53650,CVE-2023-53651,CVE-2023-53658,CVE-2023-53659,CVE-2023-53662,CVE-2023-53667,CVE-2023-53 668,CVE-2023-53670,CVE-2023-53673,CVE-2023-53674,CVE-2023-53675,CVE-2023-53679,CVE-2023-53680,CVE-2023-53681,CVE-2023-53683,CVE-2023-53687,CVE-2023-53692,CVE-2023-53693,CVE-2023-53695,CVE-2023-53696,CVE-2023-53697,CVE-2023-53700,CVE-2023-53704,CVE-2023-53705,CVE-2023-53707,CVE-2023-53708,CVE-2023-53709,CVE-2023-53711,CVE-2023-53715,CVE-2023-53716,CVE-2023-53717,CVE-2023-53718,CVE-2023-53719,CVE-2023-53722,CVE-2023-53723,CVE-2023-53724,CVE-2023-53725,CVE-2023-53726,CVE-2023-53730,CVE-2023-7324,CVE-2025-37885,CVE-2025-38084,CVE-2025-38085,CVE-2025-38476,CVE-2025-39742,CVE-2025-39797,CVE-2025-39945,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-40018,CVE-2025-40044 The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859). - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857). - CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164). - CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741). - CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988). - CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816). - CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052). - CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222). - CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743). - CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763). - CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38084: hugetlb: unshare some PMDs when splitting VMAs (bsc#1245498). - CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499). - CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317). - CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479). - CVE-2025-39797: xfrm: Duplicate SPI Handling (bsc#1249608). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39981: Bluetooth: MGMT: Fix possible UAFs (bsc#1252060). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785). The following non security issues were fixed: - NFS: remove revoked delegation from server's delegation list (bsc#1246211). - NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - fbcon: Fix OOB access in font allocation (bsc#1252033) - kabi fix for NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823). - net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265). - net: mana: Switch to page pool for jumbo frames (bsc#1248754). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946) The following package changes have been done: - kernel-default-base-5.14.21-150500.55.127.1.150500.6.61.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.224 updated From sle-container-updates at lists.suse.com Sat Dec 6 08:13:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Dec 2025 09:13:26 +0100 (CET) Subject: SUSE-CU-2025:8782-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251206081326.B93CAFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8782-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.101 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.101 Severity : important Type : recommended References : 1001888 1006827 1029961 1098094 1098228 1103388 1104120 1106523 1121410 1168806 1170160 1170160 1170554 1180422 1180482 1182482 1182482 1185697 1186749 1187948 1190091 1191375 1192862 1194338 1196332 1196332 1200110 1206798 1224138 529469 837347 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2022-1 Released: Wed Sep 26 09:48:09 2018 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1103388,1104120,1106523 This update fixes the following issues: hwdata: - Update to version 0.314: + Updated pci, usb and vendor ids. spacewalk-backend: - Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120) - Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1022-1 Released: Wed Apr 24 13:46:51 2019 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1121410 This update for hwdata fixes the following issues: Update to version 0.320 (bsc#1121410): - Updated the pci, usb and vendor ids vendor and product databases. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1261-1 Released: Tue May 12 18:40:18 2020 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1168806 This update for hwdata fixes the following issues: Update from version 0.320 to version 0.324 (bsc#1168806) - Updated pci, usb and vendor ids. - Replace pciutils-ids package providing compatibility symbolic link ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:421-1 Released: Wed Feb 10 12:05:23 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1180422,1180482 This update for hwdata fixes the following issues: - Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482) - Updated pci, usb and vendor ids. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:880-1 Released: Fri Mar 19 04:14:38 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1170160,1182482 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1950-1 Released: Thu Jun 10 14:42:00 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1170160,1182482,1185697 This update for hwdata fixes the following issues: - Update to version 0.347: + Updated pci, usb and vendor ids. (bsc#1185697) - Update to version 0.346: + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2447-1 Released: Thu Jul 22 08:26:29 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1186749,1187948 This update for hwdata fixes the following issue: - Version 0.349: Updated pci, usb and vendor ids (bsc#1187948). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2973-1 Released: Tue Sep 7 16:56:08 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1190091 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids (bsc#1190091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3832-1 Released: Wed Dec 1 14:51:19 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1191375 This update for hwdata fixes the following issue: - Update to version 0.353 (bsc#1191375) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:100-1 Released: Tue Jan 18 05:20:03 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1194338 This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1204-1 Released: Thu Apr 14 12:15:55 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1703-1 Released: Tue May 17 12:13:36 2022 Summary: Recommended update for hwdata Type: recommended Severity: important References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3135-1 Released: Wed Sep 7 08:39:31 2022 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1200110 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids to version 0.360 (bsc#1200110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4063-1 Released: Fri Nov 18 09:07:50 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4044-1 Released: Mon Nov 25 08:28:17 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update to v0.389: * Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4363-1 Released: Tue Dec 17 16:12:41 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update v0.390 * Update pci and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1721-1 Released: Tue May 27 17:59:31 2025 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update 0.394: * Update pci, usb and vendor ids * Fix usb.ids encoding and a couple of typos * Fix configure to honor --prefix ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. - Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. The following package changes have been done: - hwdata-0.394-150000.3.77.2 added - libpci3-3.13.0-150300.13.9.1 updated - pciutils-3.13.0-150300.13.9.1 updated - pciutils-ids-20200324-3.6.1 removed From sle-container-updates at lists.suse.com Sat Dec 6 08:22:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Dec 2025 09:22:24 +0100 (CET) Subject: SUSE-CU-2025:8783-1: Recommended update of suse/kiosk/xorg Message-ID: <20251206082224.C842FFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8783-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-71.12 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 71.12 Severity : important Type : recommended References : 1001888 1006827 1029961 1098094 1098228 1103388 1104120 1106523 1121410 1168806 1170160 1170160 1170554 1180422 1180482 1182482 1182482 1185697 1186749 1187948 1190091 1191375 1192862 1194338 1196332 1196332 1200110 1206798 1224138 529469 837347 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2022-1 Released: Wed Sep 26 09:48:09 2018 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1103388,1104120,1106523 This update fixes the following issues: hwdata: - Update to version 0.314: + Updated pci, usb and vendor ids. spacewalk-backend: - Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120) - Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1022-1 Released: Wed Apr 24 13:46:51 2019 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1121410 This update for hwdata fixes the following issues: Update to version 0.320 (bsc#1121410): - Updated the pci, usb and vendor ids vendor and product databases. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1261-1 Released: Tue May 12 18:40:18 2020 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1168806 This update for hwdata fixes the following issues: Update from version 0.320 to version 0.324 (bsc#1168806) - Updated pci, usb and vendor ids. - Replace pciutils-ids package providing compatibility symbolic link ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:421-1 Released: Wed Feb 10 12:05:23 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1180422,1180482 This update for hwdata fixes the following issues: - Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482) - Updated pci, usb and vendor ids. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:880-1 Released: Fri Mar 19 04:14:38 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1170160,1182482 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1950-1 Released: Thu Jun 10 14:42:00 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1170160,1182482,1185697 This update for hwdata fixes the following issues: - Update to version 0.347: + Updated pci, usb and vendor ids. (bsc#1185697) - Update to version 0.346: + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2447-1 Released: Thu Jul 22 08:26:29 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1186749,1187948 This update for hwdata fixes the following issue: - Version 0.349: Updated pci, usb and vendor ids (bsc#1187948). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2973-1 Released: Tue Sep 7 16:56:08 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1190091 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids (bsc#1190091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3832-1 Released: Wed Dec 1 14:51:19 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1191375 This update for hwdata fixes the following issue: - Update to version 0.353 (bsc#1191375) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:100-1 Released: Tue Jan 18 05:20:03 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1194338 This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1204-1 Released: Thu Apr 14 12:15:55 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1703-1 Released: Tue May 17 12:13:36 2022 Summary: Recommended update for hwdata Type: recommended Severity: important References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3135-1 Released: Wed Sep 7 08:39:31 2022 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1200110 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids to version 0.360 (bsc#1200110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4063-1 Released: Fri Nov 18 09:07:50 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4044-1 Released: Mon Nov 25 08:28:17 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update to v0.389: * Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4363-1 Released: Tue Dec 17 16:12:41 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update v0.390 * Update pci and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1721-1 Released: Tue May 27 17:59:31 2025 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update 0.394: * Update pci, usb and vendor ids * Fix usb.ids encoding and a couple of typos * Fix configure to honor --prefix ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. - Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. The following package changes have been done: - libpci3-3.13.0-150300.13.9.1 updated - hwdata-0.394-150000.3.77.2 added - pciutils-3.13.0-150300.13.9.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - pciutils-ids-20200324-3.6.1 removed From sle-container-updates at lists.suse.com Tue Dec 9 08:10:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:10:57 +0100 (CET) Subject: SUSE-CU-2025:8785-1: Security update of bci/nodejs Message-ID: <20251209081057.C8BC9FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8785-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-59.9 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-59.9 Container Release : 59.9 Severity : moderate Type : security References : 1233529 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - curl-8.14.1-150600.4.31.1 updated - container:registry.suse.com-bci-bci-base-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated From sle-container-updates at lists.suse.com Tue Dec 9 08:14:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:14:22 +0100 (CET) Subject: SUSE-CU-2025:8787-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251209081422.C7801FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8787-1 Container Tags : suse/kiosk/firefox-esr:140.5 , suse/kiosk/firefox-esr:140.5-69.17 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.17 Severity : moderate Type : security References : 1254132 CVE-2025-9820 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgnutls30-3.8.3-150600.4.12.1 updated From sle-container-updates at lists.suse.com Tue Dec 9 08:15:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:15:06 +0100 (CET) Subject: SUSE-CU-2025:8789-1: Security update of bci/php-fpm Message-ID: <20251209081506.B0BD5FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8789-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-17.4 , bci/php-fpm:latest Container Release : 17.4 Severity : moderate Type : security References : 1254132 CVE-2025-9820 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgnutls30-3.8.3-150600.4.12.1 updated From sle-container-updates at lists.suse.com Tue Dec 9 08:15:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:15:27 +0100 (CET) Subject: SUSE-CU-2025:8790-1: Security update of bci/php Message-ID: <20251209081527.01E4FFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8790-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-17.4 , bci/php:latest Container Release : 17.4 Severity : moderate Type : security References : 1254132 CVE-2025-9820 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgnutls30-3.8.3-150600.4.12.1 updated From sle-container-updates at lists.suse.com Tue Dec 9 08:15:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:15:45 +0100 (CET) Subject: SUSE-CU-2025:8791-1: Security update of suse/samba-client Message-ID: <20251209081545.3EE61FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8791-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-69.9 , suse/samba-client:latest Container Release : 69.9 Severity : moderate Type : security References : 1254132 CVE-2025-9820 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgnutls30-3.8.3-150600.4.12.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 9 08:16:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:16:52 +0100 (CET) Subject: SUSE-CU-2025:8794-1: Security update of bci/spack Message-ID: <20251209081652.2AFD6FCE1@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8794-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-19.12 , bci/spack:latest Container Release : 19.12 Severity : moderate Type : security References : 1254132 CVE-2025-9820 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgnutls30-3.8.3-150600.4.12.1 updated From sle-container-updates at lists.suse.com Tue Dec 9 08:12:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:12:21 +0100 (CET) Subject: SUSE-CU-2025:8786-1: Security update of bci/python Message-ID: <20251209081221.32EE3FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8786-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.12 , bci/python:3.12.12-76.11 Container Release : 76.11 Severity : moderate Type : security References : 1233529 1251305 1252974 1253757 CVE-2025-11563 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4258-1 Released: Wed Nov 26 14:44:38 2025 Summary: Security update for python312 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python312 fixes the following issues: Update to 3.12.12: - CVE-2025-6075: Fixed quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) Other fixes: - Fix readline history truncation when length is reduced The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - curl-8.14.1-150600.4.31.1 updated - libpython3_12-1_0-3.12.12-150600.3.37.1 updated - python312-base-3.12.12-150600.3.37.1 updated - python312-3.12.12-150600.3.37.1 updated - python312-devel-3.12.12-150600.3.37.1 updated - container:registry.suse.com-bci-bci-base-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated From sle-container-updates at lists.suse.com Tue Dec 9 08:16:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:16:03 +0100 (CET) Subject: SUSE-CU-2025:8792-1: Security update of suse/samba-server Message-ID: <20251209081603.B3129FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8792-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-69.11 , suse/samba-server:latest Container Release : 69.11 Severity : moderate Type : security References : 1254132 CVE-2025-9820 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgnutls30-3.8.3-150600.4.12.1 updated From sle-container-updates at lists.suse.com Tue Dec 9 08:16:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:16:20 +0100 (CET) Subject: SUSE-CU-2025:8793-1: Security update of suse/samba-toolbox Message-ID: <20251209081620.42BA6FBAD@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8793-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-69.9 , suse/samba-toolbox:latest Container Release : 69.9 Severity : moderate Type : security References : 1254132 CVE-2025-9820 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgnutls30-3.8.3-150600.4.12.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Tue Dec 9 08:14:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 09:14:45 +0100 (CET) Subject: SUSE-CU-2025:8788-1: Security update of bci/php-apache Message-ID: <20251209081445.92337FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8788-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-17.4 , bci/php-apache:latest Container Release : 17.4 Severity : moderate Type : security References : 1254132 CVE-2025-9820 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgnutls30-3.8.3-150600.4.12.1 updated From sle-container-updates at lists.suse.com Tue Dec 9 15:53:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 16:53:08 +0100 (CET) Subject: SUSE-CU-2025:8797-1: Security update of containers/open-webui Message-ID: <20251209155308.6A1C9FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8797-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.36 , containers/open-webui:0.6.36-13.5 Container Release : 13.5 Severity : moderate Type : security References : 1254132 CVE-2025-9820 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgnutls30-3.8.3-150600.4.12.1 updated From sle-container-updates at lists.suse.com Tue Dec 9 15:53:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 16:53:31 +0100 (CET) Subject: SUSE-CU-2025:8800-1: Security update of containers/vllm-openai Message-ID: <20251209155331.D2877FB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/vllm-openai ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8800-1 Container Tags : containers/vllm-openai:0 , containers/vllm-openai:0.9.1 , containers/vllm-openai:0.9.1-3.40 Container Release : 3.40 Severity : important Type : security References : 1040589 1212476 1216545 1218588 1218664 1224386 1226308 1232526 1233529 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1237236 1237240 1237241 1237242 1238491 1239566 1239896 1239938 1240788 1240870 1241219 1241916 1243197 1243756 1243760 1243794 1243958 1243991 1244050 1245199 1245938 1245939 1245942 1245943 1245946 1246481 1246486 1247105 1247114 1247117 1247498 1247589 1247985 1248278 1248461 1248501 1249055 1249584 1250232 1250232 1250413 1250632 1251137 1251275 1251276 1251277 1251305 1251794 1251795 1252148 1252160 1252974 1253757 1254132 CVE-2025-0840 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-11563 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-1352 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-27613 CVE-2025-27614 CVE-2025-30348 CVE-2025-3198 CVE-2025-3576 CVE-2025-46835 CVE-2025-48384 CVE-2025-48385 CVE-2025-50422 CVE-2025-5244 CVE-2025-5245 CVE-2025-5455 CVE-2025-59375 CVE-2025-59728 CVE-2025-6075 CVE-2025-7039 CVE-2025-7545 CVE-2025-7546 CVE-2025-7700 CVE-2025-8224 CVE-2025-8225 CVE-2025-8291 CVE-2025-8851 CVE-2025-9230 CVE-2025-9230 CVE-2025-9301 CVE-2025-9820 CVE-2025-9900 ----------------------------------------------------------------- The container containers/vllm-openai was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3012-1 Released: Fri Aug 29 02:07:38 2025 Summary: security update for git, git-lfs, obs-scm-bridge, python-PyYAML Type: security Severity: important References: 1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385 This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 (bsc#1243197): - Security issues fixed: * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938) * CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939) * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942) * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943) * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946) - Other changes and bugs fixed: - Other changes and bugs fixed: * Added SHA256 support (bsc#1243197) * Git moved to /usr/libexec/git/git and updated AppArmor profile accordingly (bsc#1218588) * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664) * Do not replace apparmor configuration (bsc#1216545) * Fixed the Python version required (bsc#1212476) - Version Updates Release Notes: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc git-lfs is included in version 3.7.0. python-PyYAML was updated from version 6.0.1 to 6.0.2: - Added support for Cython 3.x and Python 3.13 obs-scm-bridge was updated from version 0.5.4 to 0.7.4: - New Features and Improvements: * Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs` file. * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary files. * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch during checkout. * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources. * SSH URL Support: ssh:// SCM URLs can now be used. * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved. * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory, even when using subdirs. * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided. * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled. * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo. - Bugs fixed: * Syntax Fix: A syntax issue was corrected. * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and tabs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3449-1 Released: Thu Oct 2 09:15:17 2025 Summary: Security update for cairo Type: security Severity: low References: 1247589,CVE-2025-50422 This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589) - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that does not have the FT_Color type. + Cairo tests now build on Solaris 11.4 with GCC 14. + The DirectWrite backend now builds on MINGW 11. + The DirectWrite backend now supports font variations and proper glyph coverage. - Use tarball in lieu of source service due to freedesktop gitlab migration, will switch back at next release at the latest. - Add pkgconfig(lzo2) BuildRequires: New optional dependency, build lzo2 support feature. - Convert to source service: allows for easier upgrades by the GNOME team. - Update to version 1.18.2: + The malloc-stats code has been removed from the tests directory + Cairo now requires a version of pixman equal to, or newer than, 0.40. + There have been multiple build fixes for newer versions of GCC for MSVC; for Solaris; and on macOS 10.7. + PNG errors caused by loading malformed data are correctly propagated to callers, so they can handle the case. + Both stroke and fill colors are now set when showing glyphs on a PDF surface. + All the font options are copied when creating a fallback font object. + When drawing text on macOS, Cairo now tries harder to select the appropriate font name. + Cairo now prefers the COLRv1 table inside a font, if one is available. + Cairo requires a C11 toolchain when building. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3624-1 Released: Thu Oct 16 21:59:19 2025 Summary: Security update for expat Type: security Severity: important References: 1249584,CVE-2025-59375 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3715-1 Released: Wed Oct 22 09:11:23 2025 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1226308,1251137,CVE-2025-59728,CVE-2025-7700 This update for ffmpeg-4 fixes the following issues: - CVE-2025-59728: allocated space for the appended '/' (bsc#1251137) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3723-1 Released: Wed Oct 22 13:22:09 2025 Summary: Security update for libqt5-qtbase Type: security Severity: moderate References: 1239896,1243958,CVE-2025-30348,CVE-2025-5455 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2025-5455: processing of malformed data in `qDecodeDataUrl()` can trigger assertion and cause a crash (bsc#1243958). - CVE-2025-30348: complex algorithm used in `encodeText` in QDom when processing XML data can cause low performance (bsc#1239896). Other issues fixed: - Initialize a member variable in `QObjectPrivate::Signal` that was uninitialized under some circumstances. - Fix a crash when parsing a particular glyph in a particular font. - Avoid repeatedly registering xsettings callbacks when switching cursor themes. - Check validity of RandR output info before using it. - Fix reparenting a window so it takes effect even if there are no other state changes to the window. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3812-1 Released: Mon Oct 27 17:13:21 2025 Summary: Security update for cmake Type: security Severity: low References: 1248461,CVE-2025-9301 This update for cmake fixes the following issues: - CVE-2025-9301: Fixed assertion failure due to improper validation (bsc#1248461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3957-1 Released: Wed Nov 5 16:45:18 2025 Summary: Security update for tiff Type: security Severity: important References: 1248278,1250413,CVE-2025-8851,CVE-2025-9900 This update for tiff fixes the following issues: Update to 4.7.1: - CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278). - CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc#1250413). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:33 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4297-1 Released: Fri Nov 28 11:03:19 2025 Summary: Security update for python311 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libselinux1-3.5-150600.3.3.1 updated - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libalternatives1-1.2+30.a5431e9-150600.1.15 updated - libatomic1-15.2.0+git10201-150000.1.3.3 updated - libexpat1-2.7.1-150400.3.31.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libglog2-0.7.1-150600.1.1 added - libgomp1-15.2.0+git10201-150000.1.3.3 updated - libitm1-15.2.0+git10201-150000.1.3.3 updated - liblcms2-2-2.15-150600.3.3.2 updated - liblsan0-15.2.0+git10201-150000.1.3.3 updated - libquadmath0-15.2.0+git10201-150000.1.3.3 updated - libsasl2-3-2.1.28-150600.7.14.1 updated - libsqlite3-0-3.50.4-150600.1.2 updated - libtbb12-2022.2.0-150600.1.2 updated - libubsan1-15.2.0+git10201-150000.1.3.3 updated - libudev1-254.27-150600.4.46.2 updated - libutf8_range-29_3_0-29.3-150600.3.2 updated - libutf8proc3-2.11.0-150600.1.1 added - libyaml-0-2-0.2.5-150600.1.2 updated - libzstd1-1.5.6-150600.1.11 updated - alts-1.2+30.a5431e9-150600.1.15 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgfortran5-15.2.0+git10201-150000.1.3.3 updated - libprotobuf29_3_0-29.3-150600.3.2 updated - libpng16-16-1.6.44-150600.1.2 updated - libelf1-0.185-150400.5.8.3 updated - libctf-nobfd0-2.45-150100.7.57.1 updated - libtiff6-4.7.1-150600.3.23.1 updated - libnvjitlink-devel-12-8-12.8.93-150600.5.2 updated - cuda-nvrtc-devel-12-8-12.8.93-150600.5.2 updated - libsystemd0-254.27-150600.4.46.2 updated - libfreetype6-2.10.4-150000.4.25.1 updated - libdw1-0.185-150400.5.8.3 updated - nccl-2.28.11-150600.1.10 updated - libQt5Core5-5.15.12+kde151-150600.3.9.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - libarrow2000-20.0.0-150600.1.1 added - libzstd-devel-1.5.6-150600.1.11 updated - libQt5Test5-5.15.12+kde151-150600.3.9.1 updated - libQt5DBus5-5.15.12+kde151-150600.3.9.1 updated - libgnutls30-3.8.3-150600.4.12.1 updated - libcairo2-1.18.4-150600.3.3.1 updated - libarrow_acero2000-20.0.0-150600.1.1 added - libavutil56_70-4.4.6-150600.13.33.1 updated - libswscale5_9-4.4.6-150600.13.33.1 updated - libswresample3_9-4.4.6-150600.13.33.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libavcodec58_134-4.4.6-150600.13.33.1 updated - openssl-3-3.1.4-150600.5.39.1 updated - libthrift-0_17_0-0.17.0-150600.1.17 updated - krb5-1.20.1-150600.11.14.1 updated - libparquet2000-20.0.0-150600.1.1 added - libarrow_flight2000-20.0.0-150600.1.1 added - libarrow_dataset2000-20.0.0-150600.1.1 added - libcurl4-8.14.1-150600.4.31.1 updated - libavformat58_76-4.4.6-150600.13.33.1 updated - python311-base-3.11.14-150600.3.38.1 updated - libpython3_11-1_0-3.11.14-150600.3.38.1 updated - cmake-full-3.28.3-150600.3.3.1 updated - python311-3.11.14-150600.3.38.1 updated - cmake-3.28.3-150600.3.3.1 updated - python311-xxhash-3.5.0-150600.1.2 updated - python311-wrapt-1.16.0-150600.1.15 updated - python311-uvloop-0.21.0-150600.1.5 updated - python311-typing_extensions-4.15.0-150600.1.1 updated - python311-triton-3.3.1-150600.1.13 updated - python311-sentencepiece-0.2.0-150600.1.3 updated - python311-safetensors-0.4.3-150600.1.26 updated - python311-rpds-py-0.7.1-150600.1.26 updated - python311-regex-2024.5.15-150600.1.16 updated - python311-pytrec-eval-terrier-0.5.7-150600.1.2 updated - python311-psutil-7.0.0-150600.1.2 updated - python311-protobuf-5.29.3-150600.3.4 updated - python311-propcache-0.2.0-150600.1.11 updated - python311-platformdirs-4.3.8-150600.1.1 updated - python311-outlines-core-0.2.11~0-150600.1.3 updated - python311-opentelemetry-semantic-conventions-ai-0.4.9-150600.1.2 updated - python311-ninja-1.11.1.4-150600.1.2 updated - python311-llvmlite-0.44.0-150600.1.2 updated - python311-jiter-0.5.0-150600.1.25 updated - python311-grpcio-1.69.0-150600.1.12 updated - python311-executing-2.2.0-150600.1.1 updated - python311-devel-3.11.14-150600.3.38.1 updated - python311-debugpy-1.8.14-150600.1.3 updated - python311-certifi-2024.7.4-150600.1.60 updated - python311-cchardet-2.1.19-150600.1.58 updated - python311-blake3-1.0.5-150600.1.5 updated - python311-bcrypt-5.0.0-150600.1.1 updated - python311-annotated-doc-0.0.3-150600.1.1 added - python311-aiohappyeyeballs-2.6.1-150600.1.2 updated - python311-PyYAML-6.0.2-150600.10.3.1 updated - libQt5Network5-5.15.12+kde151-150600.3.9.1 updated - python311-pydantic-core-2.39.0-150600.1.1 updated - python311-cffi-1.17.0-150600.1.18 updated - python311-Pillow-11.3.0-150600.1.4 updated - python311-scipy-1.14.1-150600.1.66 updated - python311-pyarrow-20.0.0-150600.1.2 updated - python311-llguidance-1.1.1-150600.1.4 updated - python311-yarl-1.18.3-150600.1.11 updated - python311-googleapis-common-protos-1.72.0-150600.1.1 updated - python311-aiosignal-1.4.0-150600.1.1 updated - python311-uvicorn-0.38.0-150600.1.1 updated - python311-gguf-0.17.1-150600.1.2 updated - libQt5Gui5-5.15.12+kde151-150600.3.9.1 updated - python311-pydantic-2.11.9-150600.1.1 updated - python311-pandas-2.2.3-150600.1.80 updated - python311-cryptography-43.0.1-150600.1.28 updated - python311-rich-14.0.0-150600.1.2 updated - python311-watchfiles-1.1.0-150600.1.4 updated - python311-aiohttp-3.12.15-150600.1.2 updated - python311-numba-0.61.2-150600.1.2 updated - libQt5Widgets5-5.15.12+kde151-150600.3.9.1 updated - python311-lm-format-enforcer-0.10.11-150600.1.2 updated - python311-fastapi-0.120.2-150600.1.1 updated - libQt5OpenGL5-5.15.12+kde151-150600.3.9.1 updated - python311-requests-2.32.5-150600.1.1 updated - python311-tiktoken-0.7.0-150600.1.27 updated - python311-prometheus-fastapi-instrumentator-7.1.0-150600.1.2 updated - python311-google-genai-1.53.0-150600.1.1 updated - python311-huggingface-hub-0.34.0-150600.1.1 updated - python311-msgspec-0.18.6-150600.1.2 updated - python311-xformers-cuda-0.0.31-150600.1.22 updated - python311-torchvision-cuda-0.22.0-150600.1.3 updated - python311-torchaudio-cuda-2.7.0-150600.1.20 updated - python311-matplotlib-3.9.0-150600.1.15 updated - python311-polars-1.32.0-150600.1.5 updated - python311-xgrammar-0.1.21-150600.1.18 updated - python311-torch-cuda-2.8.0-150600.2.10 updated - python311-torch-2.8.0-150600.2.2 updated - python311-torch-cuda-devel-2.8.0-150600.2.10 updated - python311-scikit-learn-1.5.1-150600.1.71 updated - python311-sentence-transformers-5.1.2-150600.1.1 updated - python311-vllm-cuda-0.9.1-150600.1.6 updated - container:registry.suse.com-bci-bci-micro-15.6-d3c5ecb6881715ec325e80a122b8b0b1d5474f481cd467ef6f41e4c0ff44fe5f-0 updated - libarrow1700-17.0.0-150600.2.24 removed - libarrow_acero1700-17.0.0-150600.2.24 removed - libarrow_dataset1700-17.0.0-150600.2.24 removed - libarrow_flight1700-17.0.0-150600.2.24 removed - libgflags2_2-2.2.2-150600.1.12 removed - libglog-4-0-0.4.0-150600.1.12 removed - libnuma1-2.0.14.20.g4ee5e0c-150400.1.24 removed - libparquet1700-17.0.0-150600.2.24 removed - libutf8proc2-2.8.0-150600.1.3 removed From sle-container-updates at lists.suse.com Tue Dec 9 15:55:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 16:55:36 +0100 (CET) Subject: SUSE-IU-2025:3840-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251209155536.14966FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3840-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.107 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.107 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 529 Released: Tue Dec 9 08:19:13 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757). The following package changes have been done: - SL-Micro-release-6.0-25.57 updated - libcurl-mini4-8.14.1-2.1 updated - container:SL-Micro-base-container-2.1.3-7.73 updated From sle-container-updates at lists.suse.com Tue Dec 9 15:56:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 16:56:27 +0100 (CET) Subject: SUSE-IU-2025:3841-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20251209155627.06CE5FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3841-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.73 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.73 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 529 Released: Tue Dec 9 08:19:13 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757). The following package changes have been done: - SL-Micro-release-6.0-25.57 updated - libcurl-mini4-8.14.1-2.1 updated - curl-8.14.1-2.1 updated - container:suse-toolbox-image-1.0.0-9.49 updated From sle-container-updates at lists.suse.com Tue Dec 9 15:57:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 16:57:21 +0100 (CET) Subject: SUSE-IU-2025:3842-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20251209155721.D4E2DFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3842-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.95 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.95 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 529 Released: Tue Dec 9 08:19:13 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757). The following package changes have been done: - SL-Micro-release-6.0-25.57 updated - libcurl-mini4-8.14.1-2.1 updated - container:SL-Micro-base-container-2.1.3-7.73 updated From sle-container-updates at lists.suse.com Tue Dec 9 15:58:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 16:58:20 +0100 (CET) Subject: SUSE-IU-2025:3843-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20251209155820.C144CFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3843-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.109 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.109 Severity : moderate Type : security References : 1253757 CVE-2025-11563 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 529 Released: Tue Dec 9 08:19:13 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757). The following package changes have been done: - SL-Micro-release-6.0-25.57 updated - libcurl-mini4-8.14.1-2.1 updated - container:SL-Micro-container-2.1.3-6.107 updated From sle-container-updates at lists.suse.com Tue Dec 9 16:00:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Dec 2025 17:00:19 +0100 (CET) Subject: SUSE-CU-2025:8803-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20251209160019.6F093FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8803-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.49 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.49 Severity : moderate Type : security References : 1251305 1252974 1253757 CVE-2025-11563 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 529 Released: Tue Dec 9 08:19:13 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757). ----------------------------------------------------------------- Advisory ID: 530 Released: Tue Dec 9 08:37:33 2025 Summary: Security update for python311 Type: security Severity: moderate References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) is not checked by the 'zipfile' module (bsc#1251305). - CVE-2025-6075: Fixed the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables (bsc#1252974). The following package changes have been done: - SL-Micro-release-6.0-25.57 updated - curl-8.14.1-2.1 updated - libcurl-mini4-8.14.1-2.1 updated - libpython3_11-1_0-3.11.14-1.1 updated - python311-base-3.11.14-1.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.56 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:07:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:07:40 +0100 (CET) Subject: SUSE-IU-2025:3844-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20251210080740.31DB9FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3844-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.225 , suse/sle-micro/base-5.5:latest Image Release : 5.8.225 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-29-150300.4.18.1 updated - kmod-29-150300.4.18.1 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:09:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:09:10 +0100 (CET) Subject: SUSE-IU-2025:3845-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20251210080910.24A36FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3845-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.431 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.431 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-29-150300.4.18.1 updated - kmod-29-150300.4.18.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.225 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:23:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:23:04 +0100 (CET) Subject: SUSE-CU-2025:8818-1: Recommended update of suse/sle-micro-rancher/5.4 Message-ID: <20251210082304.A1A83FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8818-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.103 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.103 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - kmod-29-150300.4.18.1 updated - libkmod2-29-150300.4.18.1 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:24:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:24:17 +0100 (CET) Subject: SUSE-IU-2025:3847-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251210082417.7ED09FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3847-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.108 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.108 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 532 Released: Tue Dec 9 16:43:38 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed Buffer Under-read in gfileutils.c (bsc#1249055) The following package changes have been done: - SL-Micro-release-6.0-25.58 updated - libglib-2_0-0-2.76.2-10.1 updated - libgobject-2_0-0-2.76.2-10.1 updated - libgmodule-2_0-0-2.76.2-10.1 updated - libgio-2_0-0-2.76.2-10.1 updated - glib2-tools-2.76.2-10.1 updated - container:SL-Micro-base-container-2.1.3-7.75 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:25:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:25:32 +0100 (CET) Subject: SUSE-IU-2025:3848-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20251210082532.D2D0DFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3848-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.75 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.75 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 532 Released: Tue Dec 9 16:43:38 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed Buffer Under-read in gfileutils.c (bsc#1249055) The following package changes have been done: - SL-Micro-release-6.0-25.58 updated - libglib-2_0-0-2.76.2-10.1 updated - libgobject-2_0-0-2.76.2-10.1 updated - libgmodule-2_0-0-2.76.2-10.1 updated - libgio-2_0-0-2.76.2-10.1 updated - glib2-tools-2.76.2-10.1 updated - container:suse-toolbox-image-1.0.0-9.51 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:26:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:26:53 +0100 (CET) Subject: SUSE-IU-2025:3849-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20251210082653.CF872FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3849-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.96 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.96 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 532 Released: Tue Dec 9 16:43:38 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed Buffer Under-read in gfileutils.c (bsc#1249055) The following package changes have been done: - SL-Micro-release-6.0-25.58 updated - libglib-2_0-0-2.76.2-10.1 updated - libgobject-2_0-0-2.76.2-10.1 updated - libgmodule-2_0-0-2.76.2-10.1 updated - libgio-2_0-0-2.76.2-10.1 updated - glib2-tools-2.76.2-10.1 updated - container:SL-Micro-base-container-2.1.3-7.75 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:28:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:28:14 +0100 (CET) Subject: SUSE-IU-2025:3850-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20251210082814.A3C00FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3850-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.110 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.110 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 532 Released: Tue Dec 9 16:43:38 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed Buffer Under-read in gfileutils.c (bsc#1249055) The following package changes have been done: - SL-Micro-release-6.0-25.58 updated - libglib-2_0-0-2.76.2-10.1 updated - libgobject-2_0-0-2.76.2-10.1 updated - libgmodule-2_0-0-2.76.2-10.1 updated - libgio-2_0-0-2.76.2-10.1 updated - glib2-tools-2.76.2-10.1 updated - container:SL-Micro-container-2.1.3-6.108 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:30:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:30:57 +0100 (CET) Subject: SUSE-CU-2025:8821-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20251210083057.5A8E5FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8821-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.51 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.51 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 532 Released: Tue Dec 9 16:43:38 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed Buffer Under-read in gfileutils.c (bsc#1249055) The following package changes have been done: - SL-Micro-release-6.0-25.58 updated - libglib-2_0-0-2.76.2-10.1 updated - libgmodule-2_0-0-2.76.2-10.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.57 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:31:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:31:42 +0100 (CET) Subject: SUSE-IU-2025:3851-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251210083142.51AD8FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3851-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.35 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.35 Severity : moderate Type : security References : 1236217 1242300 1244156 1244157 1244158 1251305 1252974 1253757 CVE-2025-0913 CVE-2025-11563 CVE-2025-22874 CVE-2025-4673 CVE-2025-47268 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 346 Released: Tue Dec 9 17:34:04 2025 Summary: Security update for curl Type: security Severity: moderate References: 1242300,1253757,CVE-2025-11563,CVE-2025-47268 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757). ----------------------------------------------------------------- Advisory ID: 347 Released: Tue Dec 9 18:00:05 2025 Summary: Security update for python311 Type: security Severity: moderate References: 1236217,1244156,1244157,1244158,1251305,1252974,CVE-2025-0913,CVE-2025-22874,CVE-2025-4673,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) is not checked by the 'zipfile' module (bsc#1251305). - CVE-2025-6075: Fixed the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables (bsc#1252974). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.70 updated - libcurl4-8.14.1-slfo.1.1_3.1 updated - python311-base-3.11.14-slfo.1.1_1.1 updated - libpython3_11-1_0-3.11.14-slfo.1.1_1.1 updated - python311-3.11.14-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.57 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:32:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:32:40 +0100 (CET) Subject: SUSE-IU-2025:3852-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20251210083240.9625EFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3852-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.57 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.57 Severity : moderate Type : security References : 1242300 1253757 CVE-2025-11563 CVE-2025-47268 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 346 Released: Tue Dec 9 17:34:04 2025 Summary: Security update for curl Type: security Severity: moderate References: 1242300,1253757,CVE-2025-11563,CVE-2025-47268 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.70 updated - libcurl4-8.14.1-slfo.1.1_3.1 updated - curl-8.14.1-slfo.1.1_3.1 updated - container:suse-toolbox-image-1.0.0-4.91 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:33:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:33:42 +0100 (CET) Subject: SUSE-IU-2025:3853-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251210083342.3431CFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3853-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.59 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.59 Severity : moderate Type : security References : 1242300 1253757 CVE-2025-11563 CVE-2025-47268 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 346 Released: Tue Dec 9 17:34:04 2025 Summary: Security update for curl Type: security Severity: moderate References: 1242300,1253757,CVE-2025-11563,CVE-2025-47268 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.70 updated - libcurl4-8.14.1-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.1-5.57 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:34:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:34:43 +0100 (CET) Subject: SUSE-IU-2025:3854-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251210083443.EF58CFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3854-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.48 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.48 Severity : moderate Type : security References : 1242300 1253757 CVE-2025-11563 CVE-2025-47268 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 346 Released: Tue Dec 9 17:34:04 2025 Summary: Security update for curl Type: security Severity: moderate References: 1242300,1253757,CVE-2025-11563,CVE-2025-47268 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.70 updated - libcurl4-8.14.1-slfo.1.1_3.1 updated - container:SL-Micro-container-2.2.1-7.35 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:38:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:38:03 +0100 (CET) Subject: SUSE-IU-2025:3855-1: Recommended update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20251210083803.3C0AEFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3855-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.13 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 6.13 Severity : important Type : recommended References : 1225070 1226660 1227590 1227593 1227594 1227595 1234015 1236886 1252250 CVE-2024-28397 CVE-2024-36039 CVE-2024-38875 CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 97 Released: Fri May 9 08:41:53 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1225070,1226660,1227590,1227593,1227594,1227595,1234015,1236886,1252250,CVE-2024-28397,CVE-2024-36039,CVE-2024-38875,CVE-2024-39329,CVE-2024-39330,CVE-2024-39614 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). Add patch for the description of these schemes in the relevant man page. - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/b4693652f317dbae80e31b978f51e695a23fa3d0...0d0f2dbfc4c901dca09fdd3d5b744b5339e0e991 - journald: * close runtime journals before their parent directory removed * reset runtime seqnum data when flushing to system journal (bsc#1236886) The following package changes have been done: - libX11-data-1.8.10-160000.3.1 updated - libX11-6-1.8.10-160000.3.1 updated From sle-container-updates at lists.suse.com Wed Dec 10 08:45:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:45:05 +0100 (CET) Subject: SUSE-CU-2025:8826-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251210084505.411CFFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8826-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.139 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.139 Severity : important Type : security References : 1001888 1006827 1029961 1098094 1098228 1103388 1104120 1106523 1121410 1168806 1170160 1170160 1170554 1180422 1180482 1182482 1182482 1185697 1186749 1187948 1190091 1191375 1192862 1194338 1196332 1196332 1200110 1206798 1224138 1249055 529469 837347 CVE-2025-7039 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2022-1 Released: Wed Sep 26 09:48:09 2018 Summary: Recommended update for SUSE Manager Client Tools Type: recommended Severity: moderate References: 1103388,1104120,1106523 This update fixes the following issues: hwdata: - Update to version 0.314: + Updated pci, usb and vendor ids. spacewalk-backend: - Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120) - Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1022-1 Released: Wed Apr 24 13:46:51 2019 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1121410 This update for hwdata fixes the following issues: Update to version 0.320 (bsc#1121410): - Updated the pci, usb and vendor ids vendor and product databases. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1261-1 Released: Tue May 12 18:40:18 2020 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1168806 This update for hwdata fixes the following issues: Update from version 0.320 to version 0.324 (bsc#1168806) - Updated pci, usb and vendor ids. - Replace pciutils-ids package providing compatibility symbolic link ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:421-1 Released: Wed Feb 10 12:05:23 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1180422,1180482 This update for hwdata fixes the following issues: - Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482) - Updated pci, usb and vendor ids. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:880-1 Released: Fri Mar 19 04:14:38 2021 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1170160,1182482 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1950-1 Released: Thu Jun 10 14:42:00 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1170160,1182482,1185697 This update for hwdata fixes the following issues: - Update to version 0.347: + Updated pci, usb and vendor ids. (bsc#1185697) - Update to version 0.346: + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2447-1 Released: Thu Jul 22 08:26:29 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1186749,1187948 This update for hwdata fixes the following issue: - Version 0.349: Updated pci, usb and vendor ids (bsc#1187948). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2973-1 Released: Tue Sep 7 16:56:08 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1190091 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids (bsc#1190091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3832-1 Released: Wed Dec 1 14:51:19 2021 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1191375 This update for hwdata fixes the following issue: - Update to version 0.353 (bsc#1191375) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:100-1 Released: Tue Jan 18 05:20:03 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1194338 This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1204-1 Released: Thu Apr 14 12:15:55 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1703-1 Released: Tue May 17 12:13:36 2022 Summary: Recommended update for hwdata Type: recommended Severity: important References: 1196332 This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3135-1 Released: Wed Sep 7 08:39:31 2022 Summary: Recommended update for hwdata Type: recommended Severity: low References: 1200110 This update for hwdata fixes the following issue: - Update pci, usb and vendor ids to version 0.360 (bsc#1200110) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4063-1 Released: Fri Nov 18 09:07:50 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:46-1 Released: Mon Jan 9 10:35:21 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4044-1 Released: Mon Nov 25 08:28:17 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update to v0.389: * Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4363-1 Released: Tue Dec 17 16:12:41 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update v0.390 * Update pci and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1721-1 Released: Tue May 27 17:59:31 2025 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update 0.394: * Update pci, usb and vendor ids * Fix usb.ids encoding and a couple of typos * Fix configure to honor --prefix ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. - Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. The following package changes have been done: - glib2-tools-2.78.6-150600.4.22.1 updated - hwdata-0.394-150000.3.77.2 added - libgio-2_0-0-2.78.6-150600.4.22.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libpci3-3.13.0-150300.13.9.1 updated - pciutils-3.13.0-150300.13.9.1 updated - pciutils-ids-20200324-3.6.1 removed From sle-container-updates at lists.suse.com Wed Dec 10 08:49:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Dec 2025 09:49:08 +0100 (CET) Subject: SUSE-CU-2025:8827-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20251210084908.DDC6DFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8827-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.1 , suse/manager/4.3/proxy-httpd:4.3.16.1.9.70.12 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.70.12 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4331-1 Released: Tue Dec 9 12:55:17 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-29-150300.4.18.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:05:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:05:58 +0100 (CET) Subject: SUSE-IU-2025:3861-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251211080558.13975FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3861-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.226 , suse/sle-micro/base-5.5:latest Image Release : 5.8.226 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.26.1 updated - libgobject-2_0-0-2.70.5-150400.3.26.1 updated - libgmodule-2_0-0-2.70.5-150400.3.26.1 updated - libgio-2_0-0-2.70.5-150400.3.26.1 updated - glib2-tools-2.70.5-150400.3.26.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:07:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:07:18 +0100 (CET) Subject: SUSE-IU-2025:3862-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20251211080718.09B90FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3862-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.433 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.433 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.26.1 updated - libgobject-2_0-0-2.70.5-150400.3.26.1 updated - libgmodule-2_0-0-2.70.5-150400.3.26.1 updated - libgio-2_0-0-2.70.5-150400.3.26.1 updated - glib2-tools-2.70.5-150400.3.26.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.226 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:12:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:12:25 +0100 (CET) Subject: SUSE-CU-2025:8837-1: Recommended update of private-registry/harbor-nginx Message-ID: <20251211081225.D8451FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8837-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.91 , private-registry/harbor-nginx:latest Container Release : 2.91 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4350-1 Released: Wed Dec 10 14:52:26 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) * imDefLkup: commit first info in XimCommitInfo * ximcp: Unmark to fabricate key events with XKeyEvent serial The following package changes have been done: - libX11-data-1.8.7-150600.3.6.1 updated - libX11-6-1.8.7-150600.3.6.1 updated - system-user-harbor-2.13.2_git56172457-150600.1.5 updated - container:suse-sle15-15.6-c0a2dce6d799cb0c97343509d18264235c1757fa809f99cf9dcbe326ee650709-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:12:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:12:41 +0100 (CET) Subject: SUSE-CU-2025:8838-1: Recommended update of private-registry/harbor-portal Message-ID: <20251211081241.4FEC3FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8838-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-4.9 , private-registry/harbor-portal:2.13.2_git56172457 , private-registry/harbor-portal:2.13.2_git56172457-4.9 , private-registry/harbor-portal:latest Container Release : 4.9 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4350-1 Released: Wed Dec 10 14:52:26 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) * imDefLkup: commit first info in XimCommitInfo * ximcp: Unmark to fabricate key events with XKeyEvent serial The following package changes have been done: - libX11-data-1.8.7-150600.3.6.1 updated - libX11-6-1.8.7-150600.3.6.1 updated - system-user-harbor-2.13.2_git56172457-150600.1.5 updated - harbor213-portal-2.13.2_git56172457-150600.1.5 updated - container:suse-sle15-15.6-c0a2dce6d799cb0c97343509d18264235c1757fa809f99cf9dcbe326ee650709-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:22:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:22:41 +0100 (CET) Subject: SUSE-CU-2025:8843-1: Security update of suse/sle-micro-rancher/5.4 Message-ID: <20251211082241.171D7FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro-rancher/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8843-1 Container Tags : suse/sle-micro-rancher/5.4:5.4.4.5.105 , suse/sle-micro-rancher/5.4:latest Container Release : 4.5.105 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sle-micro-rancher/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - glib2-tools-2.70.5-150400.3.26.1 updated - libgio-2_0-0-2.70.5-150400.3.26.1 updated - libglib-2_0-0-2.70.5-150400.3.26.1 updated - libgmodule-2_0-0-2.70.5-150400.3.26.1 updated - libgobject-2_0-0-2.70.5-150400.3.26.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:27:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:27:20 +0100 (CET) Subject: SUSE-CU-2025:8844-1: Recommended update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20251211082720.8FC5CFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8844-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.164 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.164 Severity : moderate Type : recommended References : 1249359 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4356-1 Released: Thu Dec 11 04:00:39 2025 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1249359 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) - Rebuilt dependencies (no source changes) * apache-rpm-macros-control * cyrus-sasl * libapr1 * libapr-util1 * libdb-4_8 * openldap2 The following package changes have been done: - libldap-2_4-2-2.4.41-22.26.9 updated - libsasl2-3-2.1.26-14.7.9 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:32:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:32:55 +0100 (CET) Subject: SUSE-CU-2025:8847-1: Recommended update of bci/bci-init Message-ID: <20251211083255.DEC7BFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8847-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.50.10 Container Release : 50.10 Severity : important Type : recommended References : 1253741 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-29-150600.13.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:32:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:32:57 +0100 (CET) Subject: SUSE-CU-2025:8848-1: Security update of bci/bci-init Message-ID: <20251211083257.3376DFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8848-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.50.11 Container Release : 50.11 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - container:registry.suse.com-bci-bci-base-15.6-c0a2dce6d799cb0c97343509d18264235c1757fa809f99cf9dcbe326ee650709-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:35:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:35:44 +0100 (CET) Subject: SUSE-CU-2025:8850-1: Security update of bci/python Message-ID: <20251211083544.E4900FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8850-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.12 , bci/python:3.12.12-76.12 Container Release : 76.12 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150600.4.31.1 updated - container:registry.suse.com-bci-bci-base-15.6-c0a2dce6d799cb0c97343509d18264235c1757fa809f99cf9dcbe326ee650709-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:38:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:38:56 +0100 (CET) Subject: SUSE-CU-2025:8851-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20251211083856.8FA2FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8851-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.56.4 Container Release : 56.4 Severity : important Type : recommended References : 1233529 1253741 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - kmod-29-150600.13.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:38:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:38:57 +0100 (CET) Subject: SUSE-CU-2025:8852-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251211083857.D04DCFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8852-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.56.5 Container Release : 56.5 Severity : moderate Type : security References : 1249055 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150600.4.31.1 updated - container:registry.suse.com-bci-bci-base-15.6-c0a2dce6d799cb0c97343509d18264235c1757fa809f99cf9dcbe326ee650709-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:40:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:40:06 +0100 (CET) Subject: SUSE-CU-2025:8853-1: Security update of suse/sle15 Message-ID: <20251211084006.7FC26FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8853-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.15 , suse/sle15:15.6 , suse/sle15:15.6.47.26.15 Container Release : 47.26.15 Severity : important Type : security References : 1231055 1249055 1252425 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - curl-8.14.1-150600.4.31.1 updated - libcurl4-8.14.1-150600.4.31.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:41:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:41:44 +0100 (CET) Subject: SUSE-CU-2025:8854-1: Security update of bci/spack Message-ID: <20251211084144.F3E79FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8854-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.90 Container Release : 11.90 Severity : moderate Type : security References : 1233529 1249055 1253757 1254132 CVE-2025-11563 CVE-2025-7039 CVE-2025-9820 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - libudev1-254.27-150600.4.46.2 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgnutls30-3.8.3-150600.4.12.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - libcurl-devel-8.14.1-150600.4.31.1 updated - container:registry.suse.com-bci-bci-base-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:42:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:42:00 +0100 (CET) Subject: SUSE-CU-2025:8856-1: Recommended update of suse/registry Message-ID: <20251211084200.CA587FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8856-1 Container Tags : suse/registry:2.8 , suse/registry:2.8 , suse/registry:2.8-19.3 , suse/registry:latest Container Release : 19.3 Severity : moderate Type : recommended References : 1249359 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4358-1 Released: Thu Dec 11 04:04:56 2025 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1249359 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) The following package changes have been done: - apache2-utils-2.4.62-150700.4.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:42:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:42:24 +0100 (CET) Subject: SUSE-CU-2025:8857-1: Security update of bci/golang Message-ID: <20251211084224.4145DFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8857-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.11 , bci/golang:1.24.11-2.76.12 , bci/golang:oldstable , bci/golang:oldstable-2.76.12 Container Release : 76.12 Severity : important Type : security References : 1236217 1245878 1254430 1254431 CVE-2025-61727 CVE-2025-61729 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4337-1 Released: Wed Dec 10 00:51:24 2025 Summary: Security update for go1.24 Type: security Severity: important References: 1236217,1245878,1254430,1254431,CVE-2025-61727,CVE-2025-61729 This update for go1.24 fixes the following issues: go1.24.11 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the runtime. (bsc#1236217) CVE-2025-61727 CVE-2025-61729: * go#76460 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation * go#76463 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN * go#76378 internal/cpu: incorrect CPU features bit parsing on loong64 cause illegal instruction core dumps on LA364 cores - Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878) * This is an optional migration controlled via prjconf definition with_libalternatives * If with_libalternatives is not defined packaging continues to use update-alternatives The following package changes have been done: - go1.24-doc-1.24.11-150000.1.50.1 updated - go1.24-1.24.11-150000.1.50.1 updated - go1.24-race-1.24.11-150000.1.50.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:42:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:42:53 +0100 (CET) Subject: SUSE-CU-2025:8858-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20251211084253.D284AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8858-1 Container Tags : suse/kiosk/firefox-esr:140.5 , suse/kiosk/firefox-esr:140.5-69.18 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.18 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-xcb1-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:43:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:43:18 +0100 (CET) Subject: SUSE-CU-2025:8859-1: Recommended update of suse/nginx Message-ID: <20251211084318.8D117FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8859-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-68.2 , suse/nginx:latest Container Release : 68.2 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:43:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:43:47 +0100 (CET) Subject: SUSE-CU-2025:8860-1: Recommended update of bci/openjdk-devel Message-ID: <20251211084347.17696FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8860-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.17.0 , bci/openjdk-devel:17.0.17.0-14.14 Container Release : 14.14 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated - container:bci-openjdk-17-15.7.17-13.12 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:44:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:44:11 +0100 (CET) Subject: SUSE-CU-2025:8861-1: Recommended update of bci/openjdk Message-ID: <20251211084411.AE915FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8861-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.17.0 , bci/openjdk:17.0.17.0-13.12 Container Release : 13.12 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:44:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:44:37 +0100 (CET) Subject: SUSE-CU-2025:8862-1: Recommended update of bci/openjdk-devel Message-ID: <20251211084437.856F9FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8862-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-18.2 Container Release : 18.2 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated - container:bci-openjdk-21-15.7.21-17.2 updated From sle-container-updates at lists.suse.com Thu Dec 11 08:45:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 09:45:00 +0100 (CET) Subject: SUSE-CU-2025:8863-1: Recommended update of bci/openjdk Message-ID: <20251211084500.5B543FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8863-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-17.2 Container Release : 17.2 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 10:03:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 11:03:05 +0100 (CET) Subject: SUSE-CU-2025:8864-1: Recommended update of bci/openjdk-devel Message-ID: <20251211100305.9ADE3FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8864-1 Container Tags : bci/openjdk-devel:25 , bci/openjdk-devel:25.0.1.0 , bci/openjdk-devel:25.0.1.0-2.2 , bci/openjdk-devel:latest Container Release : 2.2 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated - container:bci-openjdk-25-15.7.25-2.2 updated From sle-container-updates at lists.suse.com Thu Dec 11 10:03:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 11:03:06 +0100 (CET) Subject: SUSE-CU-2025:8865-1: Recommended update of bci/openjdk Message-ID: <20251211100306.E8874FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8865-1 Container Tags : bci/openjdk:25 , bci/openjdk:25.0.1.0 , bci/openjdk:25.0.1.0-2.2 , bci/openjdk:latest Container Release : 2.2 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 10:03:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 11:03:04 +0100 (CET) Subject: SUSE-CU-2025:8863-1: Recommended update of bci/openjdk Message-ID: <20251211100304.0E6B6FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8863-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-17.2 Container Release : 17.2 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 10:03:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 11:03:29 +0100 (CET) Subject: SUSE-CU-2025:8866-1: Recommended update of bci/php-apache Message-ID: <20251211100329.D0787FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8866-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-17.5 , bci/php-apache:latest Container Release : 17.5 Severity : moderate Type : recommended References : 1249359 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4358-1 Released: Thu Dec 11 04:04:56 2025 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1249359 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) The following package changes have been done: - apache2-prefork-2.4.62-150700.4.6.1 updated - apache2-2.4.62-150700.4.6.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 10:03:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 11:03:48 +0100 (CET) Subject: SUSE-CU-2025:8867-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20251211100348.AA8E6FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8867-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-67.12 , suse/kiosk/pulseaudio:latest Container Release : 67.12 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-xcb1-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 10:03:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 11:03:58 +0100 (CET) Subject: SUSE-CU-2025:8868-1: Recommended update of suse/kiosk/xorg-client Message-ID: <20251211100358.CD679FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8868-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-69.9 , suse/kiosk/xorg-client:latest Container Release : 69.9 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Thu Dec 11 10:04:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 11:04:18 +0100 (CET) Subject: SUSE-CU-2025:8869-1: Recommended update of suse/kiosk/xorg Message-ID: <20251211100418.617C6FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8869-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-71.13 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 71.13 Severity : important Type : recommended References : 1252250 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) The following package changes have been done: - libX11-data-1.8.10-150700.4.3.1 updated - libX11-xcb1-1.8.10-150700.4.3.1 updated - libX11-6-1.8.10-150700.4.3.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 10:07:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 11:07:34 +0100 (CET) Subject: SUSE-CU-2025:8882-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20251211100734.408C2FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8882-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.1 , suse/manager/4.3/proxy-httpd:4.3.16.1.9.70.13 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.70.13 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libgmodule-2_0-0-2.70.5-150400.3.26.1 updated - libgobject-2_0-0-2.70.5-150400.3.26.1 updated - libgio-2_0-0-2.70.5-150400.3.26.1 updated - glib2-tools-2.70.5-150400.3.26.1 updated From sle-container-updates at lists.suse.com Thu Dec 11 10:07:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Dec 2025 11:07:36 +0100 (CET) Subject: SUSE-CU-2025:8883-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20251211100736.E3270FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8883-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.1 , suse/manager/4.3/proxy-httpd:4.3.16.1.9.70.14 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.70.14 Severity : moderate Type : recommended References : 1249359 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4360-1 Released: Thu Dec 11 04:07:52 2025 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1249359 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) The following package changes have been done: - apache2-utils-2.4.51-150400.6.49.1 updated - apache2-2.4.51-150400.6.49.1 updated - apache2-prefork-2.4.51-150400.6.49.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:05:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:05:35 +0100 (CET) Subject: SUSE-IU-2025:3875-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20251212080535.C8202FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3875-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.227 , suse/sle-micro/base-5.5:latest Image Release : 5.8.227 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:06:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:06:56 +0100 (CET) Subject: SUSE-IU-2025:3876-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20251212080656.D5FAFFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3876-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.435 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.435 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.227 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:10:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:10:54 +0100 (CET) Subject: SUSE-CU-2025:8886-1: Recommended update of private-registry/harbor-core Message-ID: <20251212081054.293B2FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-core ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8886-1 Container Tags : private-registry/harbor-core:2.13 , private-registry/harbor-core:2.13.2 , private-registry/harbor-core:2.13.2-4.12 , private-registry/harbor-core:2.13.2_git56172457 , private-registry/harbor-core:2.13.2_git56172457-4.12 , private-registry/harbor-core:latest Container Release : 4.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-core was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:11:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:11:09 +0100 (CET) Subject: SUSE-CU-2025:8887-1: Security update of private-registry/harbor-db Message-ID: <20251212081109.742ABFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8887-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-4.12 , private-registry/harbor-db:2.13.2_git56172457 , private-registry/harbor-db:2.13.2_git56172457-4.12 , private-registry/harbor-db:latest Container Release : 4.12 Severity : important Type : security References : 1154884 1154887 1175825 1180138 1197771 1227888 1228260 1228535 1230093 1230516 1232528 1234068 1235151 1236588 1236589 1236590 1243397 1243706 1243933 1245309 1245310 1245311 1245314 1246197 1246197 1246974 1249191 1249191 1249348 1249348 1249367 1249367 1249375 1253332 1253333 1253757 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2024-11053 CVE-2024-6197 CVE-2024-6874 CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 CVE-2025-0167 CVE-2025-0665 CVE-2025-0725 CVE-2025-10148 CVE-2025-10148 CVE-2025-11563 CVE-2025-12817 CVE-2025-12818 CVE-2025-4877 CVE-2025-4878 CVE-2025-4947 CVE-2025-5025 CVE-2025-5318 CVE-2025-5372 CVE-2025-5399 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086 CVE-2025-9086 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3925-1 Released: Wed Nov 6 11:14:28 2024 Summary: Security update for curl Type: security Severity: moderate References: 1232528,CVE-2024-9681 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3198-1 Released: Fri Sep 12 14:15:08 2025 Summary: Security update for curl Type: security Severity: important References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:57 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 The following package changes have been done: - libbrotlicommon1-1.0.7-150200.3.5.1 added - libnghttp2-14-1.40.0-150600.23.2 added - libssh-config-0.9.8-150600.11.6.1 added - libunistring2-0.9.10-1.1 added - libbrotlidec1-1.0.7-150200.3.5.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libssh4-0.9.8-150600.11.6.1 added - libcurl4-8.14.1-150600.4.31.1 added - libpq5-18.1-150600.13.3.1 updated - postgresql-18-150600.17.9.1 updated - postgresql17-17.7-150600.13.19.1 updated - postgresql-server-18-150600.17.9.1 updated - postgresql17-server-17.7-150600.13.19.1 updated - harbor213-db-2.13.2_git56172457-150600.1.6 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:11:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:11:10 +0100 (CET) Subject: SUSE-CU-2025:8888-1: Recommended update of private-registry/harbor-db Message-ID: <20251212081110.6222EFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-db ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8888-1 Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-4.14 , private-registry/harbor-db:2.13.2_git56172457 , private-registry/harbor-db:2.13.2_git56172457-4.14 , private-registry/harbor-db:latest Container Release : 4.14 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-db was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:11:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:11:23 +0100 (CET) Subject: SUSE-CU-2025:8890-1: Recommended update of private-registry/harbor-exporter Message-ID: <20251212081123.0DDCCFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8890-1 Container Tags : private-registry/harbor-exporter:2.13 , private-registry/harbor-exporter:2.13.2 , private-registry/harbor-exporter:2.13.2-4.12 , private-registry/harbor-exporter:2.13.2_git56172457 , private-registry/harbor-exporter:2.13.2_git56172457-4.12 , private-registry/harbor-exporter:latest Container Release : 4.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:11:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:11:35 +0100 (CET) Subject: SUSE-CU-2025:8892-1: Recommended update of private-registry/harbor-jobservice Message-ID: <20251212081135.A1BEDFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-jobservice ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8892-1 Container Tags : private-registry/harbor-jobservice:2.13 , private-registry/harbor-jobservice:2.13.2 , private-registry/harbor-jobservice:2.13.2-4.12 , private-registry/harbor-jobservice:2.13.2_git56172457 , private-registry/harbor-jobservice:2.13.2_git56172457-4.12 , private-registry/harbor-jobservice:latest Container Release : 4.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-jobservice was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:11:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:11:52 +0100 (CET) Subject: SUSE-CU-2025:8894-1: Recommended update of private-registry/harbor-nginx Message-ID: <20251212081152.8D290FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8894-1 Container Tags : private-registry/harbor-nginx:1.21 , private-registry/harbor-nginx:1.21.5 , private-registry/harbor-nginx:1.21.5-2.95 , private-registry/harbor-nginx:latest Container Release : 2.95 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:12:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:12:10 +0100 (CET) Subject: SUSE-CU-2025:8896-1: Recommended update of private-registry/harbor-portal Message-ID: <20251212081210.630DFFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8896-1 Container Tags : private-registry/harbor-portal:2.13 , private-registry/harbor-portal:2.13.2 , private-registry/harbor-portal:2.13.2-4.13 , private-registry/harbor-portal:2.13.2_git56172457 , private-registry/harbor-portal:2.13.2_git56172457-4.13 , private-registry/harbor-portal:latest Container Release : 4.13 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:12:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:12:24 +0100 (CET) Subject: SUSE-CU-2025:8898-1: Recommended update of private-registry/harbor-registry Message-ID: <20251212081224.A8D5CFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8898-1 Container Tags : private-registry/harbor-registry:2.8.3 , private-registry/harbor-registry:2.8.3-2.94 , private-registry/harbor-registry:latest Container Release : 2.94 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:12:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:12:37 +0100 (CET) Subject: SUSE-CU-2025:8900-1: Recommended update of private-registry/harbor-registryctl Message-ID: <20251212081237.A1A3BFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-registryctl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8900-1 Container Tags : private-registry/harbor-registryctl:2.13 , private-registry/harbor-registryctl:2.13.2 , private-registry/harbor-registryctl:2.13.2-4.12 , private-registry/harbor-registryctl:2.13.2_git56172457 , private-registry/harbor-registryctl:2.13.2_git56172457-4.12 , private-registry/harbor-registryctl:latest Container Release : 4.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-registryctl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:12:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:12:54 +0100 (CET) Subject: SUSE-CU-2025:8902-1: Recommended update of private-registry/harbor-trivy-adapter Message-ID: <20251212081254.84E44FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-trivy-adapter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8902-1 Container Tags : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.96 , private-registry/harbor-trivy-adapter:latest Container Release : 2.96 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:13:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:13:02 +0100 (CET) Subject: SUSE-CU-2025:8903-1: Recommended update of private-registry/harbor-valkey Message-ID: <20251212081302.2920BFB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8903-1 Container Tags : private-registry/harbor-valkey:8.0.6 , private-registry/harbor-valkey:8.0.6-2.74 , private-registry/harbor-valkey:latest Container Release : 2.74 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container private-registry/harbor-valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated - container:registry.suse.com-bci-bci-micro-15.6-6ac6a5b528f31e5a05b2a7f6a06073748efe3398e94379373f5d735aa2aaedcf-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:14:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:14:16 +0100 (CET) Subject: SUSE-IU-2025:3878-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251212081416.E08BEFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3878-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.109 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.109 Severity : moderate Type : recommended References : 1254362 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 534 Released: Thu Dec 11 09:48:12 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions The following package changes have been done: - runc-1.3.4-1.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:18:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:18:26 +0100 (CET) Subject: SUSE-IU-2025:3880-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251212081826.DACAAFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3880-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.36 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.36 Severity : moderate Type : recommended References : 1254362 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 349 Released: Thu Dec 11 09:59:32 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions The following package changes have been done: - runc-1.3.4-slfo.1.1_1.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:27:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:27:52 +0100 (CET) Subject: SUSE-CU-2025:8910-1: Recommended update of bci/bci-micro-fips Message-ID: <20251212082752.8C04CFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8910-1 Container Tags : bci/bci-micro-fips:15.6 , bci/bci-micro-fips:15.6.12.9 Container Release : 12.9 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:bci-bci-base-15.6-c0a2dce6d799cb0c97343509d18264235c1757fa809f99cf9dcbe326ee650709-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:28:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:28:24 +0100 (CET) Subject: SUSE-CU-2025:8911-1: Recommended update of bci/bci-micro Message-ID: <20251212082824.0DD6FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8911-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.54.9 Container Release : 54.9 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:bci-bci-base-15.6-c0a2dce6d799cb0c97343509d18264235c1757fa809f99cf9dcbe326ee650709-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:28:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:28:57 +0100 (CET) Subject: SUSE-CU-2025:8912-1: Recommended update of bci/bci-minimal Message-ID: <20251212082857.F1FB5FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8912-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.45.4 Container Release : 45.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:31:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:31:31 +0100 (CET) Subject: SUSE-CU-2025:8913-1: Recommended update of suse/sle15 Message-ID: <20251212083131.30403FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8913-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.16 , suse/sle15:15.6 , suse/sle15:15.6.47.26.16 Container Release : 47.26.16 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:32:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:32:00 +0100 (CET) Subject: SUSE-CU-2025:8914-1: Security update of suse/389-ds Message-ID: <20251212083200.0EB2EFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8914-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-65.11 , suse/389-ds:latest Container Release : 65.11 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - python3-base-3.6.15-150300.10.100.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 08:32:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 09:32:16 +0100 (CET) Subject: SUSE-CU-2025:8915-1: Recommended update of suse/bind Message-ID: <20251212083216.6D67EFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8915-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.15 , suse/bind:9.20.15-70.8 , suse/bind:latest Container Release : 70.8 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:15:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:15:07 +0100 (CET) Subject: SUSE-CU-2025:8916-1: Recommended update of bci/bci-init Message-ID: <20251212101507.E8EC5FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8916-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.50.13 Container Release : 50.13 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:16:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:16:44 +0100 (CET) Subject: SUSE-CU-2025:8917-1: Recommended update of bci/nodejs Message-ID: <20251212101644.939B6FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8917-1 Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-59.12 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-59.12 Container Release : 59.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:18:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:18:51 +0100 (CET) Subject: SUSE-CU-2025:8915-1: Recommended update of suse/bind Message-ID: <20251212101851.0B761FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8915-1 Container Tags : suse/bind:9 , suse/bind:9.20 , suse/bind:9.20.15 , suse/bind:9.20.15-70.8 , suse/bind:latest Container Release : 70.8 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:19:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:19:01 +0100 (CET) Subject: SUSE-CU-2025:8918-1: Recommended update of suse/cosign Message-ID: <20251212101901.E07A7FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8918-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.3 , suse/cosign:2.5.3-17.9 , suse/cosign:latest Container Release : 17.9 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:19:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:19:13 +0100 (CET) Subject: SUSE-CU-2025:8919-1: Recommended update of suse/registry Message-ID: <20251212101913.671EAFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8919-1 Container Tags : suse/registry:2.8 , suse/registry:2.8 , suse/registry:2.8-19.5 , suse/registry:latest Container Release : 19.5 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:19:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:19:36 +0100 (CET) Subject: SUSE-CU-2025:8920-1: Recommended update of bci/gcc Message-ID: <20251212101936.46089FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8920-1 Container Tags : bci/gcc:14 , bci/gcc:14.3 , bci/gcc:14.3-15.11 , bci/gcc:latest Container Release : 15.11 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libasan8-15.2.0+git10201-150000.1.6.1 updated - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libhwasan0-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - libquadmath0-15.2.0+git10201-150000.1.6.1 updated - libtsan2-15.2.0+git10201-150000.1.6.1 updated - libubsan1-15.2.0+git10201-150000.1.6.1 updated - libgfortran5-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:19:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:19:55 +0100 (CET) Subject: SUSE-CU-2025:8921-1: Recommended update of suse/git Message-ID: <20251212101955.7F0ECFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8921-1 Container Tags : suse/git:2 , suse/git:2.51 , suse/git:2.51.0 , suse/git:2.51.0-65.12 , suse/git:latest Container Release : 65.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:20:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:20:19 +0100 (CET) Subject: SUSE-CU-2025:8922-1: Recommended update of bci/golang Message-ID: <20251212102019.94FD0FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8922-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.11 , bci/golang:1.24.11-2.76.13 , bci/golang:oldstable , bci/golang:oldstable-2.76.13 Container Release : 76.13 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:20:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:20:43 +0100 (CET) Subject: SUSE-CU-2025:8923-1: Recommended update of bci/golang Message-ID: <20251212102043.DE7BBFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8923-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.7-openssl , bci/golang:1.24.7-openssl-79.11 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-79.11 Container Release : 79.11 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:21:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:21:09 +0100 (CET) Subject: SUSE-CU-2025:8924-1: Security update of bci/golang Message-ID: <20251212102109.6EEFFFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8924-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.5 , bci/golang:1.25.5-1.76.11 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.76.11 Container Release : 76.11 Severity : important Type : security References : 1244485 1245878 1254227 1254430 1254431 CVE-2025-61727 CVE-2025-61729 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4336-1 Released: Wed Dec 10 00:50:02 2025 Summary: Security update for go1.25 Type: security Severity: important References: 1244485,1245878,1254227,1254430,1254431,CVE-2025-61727,CVE-2025-61729 This update for go1.25 fixes the following issues: go1.25.5 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the mime and os packages. (bsc#1244485) CVE-2025-61729 CVE-2025-61727: * go#76461 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation * go#76464 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN * go#76245 mime: FormatMediaType and ParseMediaType not compatible across 1.24 to 1.25 * go#76360 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied, ReOpenFile error handling followup - Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878) * This is an optional migration controlled via prjconf definition with_libalternatives * If with_libalternatives is not defined packaging continues to use update-alternatives go1.25.4 (released 2025-11-05) includes fixes to the compiler, the runtime, and the crypto/subtle, encoding/pem, net/url, and os packages. (bsc#1244485) * go#75480 cmd/link: linker panic and relocation errors with complex generics inlining * go#75775 runtime: build fails when run via QEMU for linux/amd64 running on linux/arm64 * go#75790 crypto/internal/fips140/subtle: Go 1.25 subtle.xorBytes panic on MIPS * go#75832 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets * go#75952 encoding/pem: regression when decoding blocks with leading garbage * go#75989 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied * go#76010 cmd/compile: any(func(){})==any(func(){}) does not panic but should * go#76029 pem/encoding: malformed line endings can cause panics The following package changes have been done: - go1.25-doc-1.25.5-150000.1.23.1 updated - go1.25-1.25.5-150000.1.23.1 updated - go1.25-race-1.25.5-150000.1.23.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:21:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:21:39 +0100 (CET) Subject: SUSE-CU-2025:8925-1: Recommended update of bci/golang Message-ID: <20251212102139.9BDEFFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8925-1 Container Tags : bci/golang:1.25-openssl , bci/golang:1.25.1-openssl , bci/golang:1.25.1-openssl-79.11 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-79.11 Container Release : 79.11 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:21:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:21:53 +0100 (CET) Subject: SUSE-CU-2025:8926-1: Recommended update of suse/helm Message-ID: <20251212102153.31109FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8926-1 Container Tags : suse/helm:3 , suse/helm:3.19 , suse/helm:3.19.1 , suse/helm:3.19.1-61.4 , suse/helm:latest Container Release : 61.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:22:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:22:12 +0100 (CET) Subject: SUSE-CU-2025:8927-1: Security update of suse/kea Message-ID: <20251212102212.37130FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8927-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-67.8 , suse/kea:latest Container Release : 67.8 Severity : important Type : security References : 1154884 1154887 1175825 1180138 1197771 1245309 1245310 1245311 1245314 1246197 1246974 1249191 1249348 1249367 1249375 1251264 1251305 1252974 1253332 1253333 1253757 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2025-10148 CVE-2025-11563 CVE-2025-12817 CVE-2025-12818 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5372 CVE-2025-6075 CVE-2025-8114 CVE-2025-8277 CVE-2025-8291 CVE-2025-9086 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:57 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libssh-config-0.9.8-150600.11.6.1 added - libbrotlicommon1-1.0.7-150200.3.5.1 added - libbrotlidec1-1.0.7-150200.3.5.1 added - libunistring2-0.9.10-1.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libzstd1-1.5.7-150700.1.2 added - libnghttp2-14-1.64.0-150700.1.5 added - libssh4-0.9.8-150600.11.6.1 added - libcurl4-8.14.1-150700.7.5.1 added - libpq5-18.1-150600.13.3.1 updated - python3-base-3.6.15-150300.10.100.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:22:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:22:47 +0100 (CET) Subject: SUSE-CU-2025:8928-1: Recommended update of suse/kiosk/firefox-esr Message-ID: <20251212102247.1EE53FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8928-1 Container Tags : suse/kiosk/firefox-esr:140.5 , suse/kiosk/firefox-esr:140.5-69.20 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.20 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:22:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:22:56 +0100 (CET) Subject: SUSE-CU-2025:8929-1: Recommended update of suse/kubectl Message-ID: <20251212102256.DD6B9FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8929-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.67.8 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.67.8 Container Release : 67.8 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:23:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:23:06 +0100 (CET) Subject: SUSE-CU-2025:8930-1: Recommended update of suse/kubectl Message-ID: <20251212102306.8E16AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8930-1 Container Tags : suse/kubectl:1.33 , suse/kubectl:1.33.1 , suse/kubectl:1.33.1-1.67.8 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.67.8 Container Release : 67.8 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:23:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:23:21 +0100 (CET) Subject: SUSE-CU-2025:8931-1: Recommended update of bci/bci-micro-fips Message-ID: <20251212102321.18992FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8931-1 Container Tags : bci/bci-micro-fips:15.7 , bci/bci-micro-fips:15.7-14.6 , bci/bci-micro-fips:latest Container Release : 14.6 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/bci-micro-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:23:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:23:32 +0100 (CET) Subject: SUSE-CU-2025:8932-1: Recommended update of bci/bci-micro Message-ID: <20251212102332.B41D8FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8932-1 Container Tags : bci/bci-micro:15.7 , bci/bci-micro:15.7-52.6 , bci/bci-micro:latest Container Release : 52.6 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:bci-bci-base-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:23:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:23:43 +0100 (CET) Subject: SUSE-CU-2025:8933-1: Recommended update of bci/bci-minimal Message-ID: <20251212102343.35F3FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8933-1 Container Tags : bci/bci-minimal:15.7 , bci/bci-minimal:15.7-17.3 , bci/bci-minimal:latest Container Release : 17.3 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:24:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:24:09 +0100 (CET) Subject: SUSE-CU-2025:8934-1: Recommended update of suse/nginx Message-ID: <20251212102409.152F8FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8934-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-68.4 , suse/nginx:latest Container Release : 68.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:24:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:24:25 +0100 (CET) Subject: SUSE-CU-2025:8935-1: Security update of suse/postgres Message-ID: <20251212102425.7D6C3FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8935-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-81.3 Container Release : 81.3 Severity : important Type : security References : 1154884 1154887 1175825 1180138 1197771 1245309 1245310 1245311 1245314 1246197 1246974 1249191 1249348 1249367 1249375 1251264 1253332 1253333 1253757 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2025-10148 CVE-2025-11563 CVE-2025-12817 CVE-2025-12818 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5372 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:57 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 The following package changes have been done: - libbrotlicommon1-1.0.7-150200.3.5.1 added - libnghttp2-14-1.64.0-150700.1.5 added - libssh-config-0.9.8-150600.11.6.1 added - libunistring2-0.9.10-1.1 added - libbrotlidec1-1.0.7-150200.3.5.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libssh4-0.9.8-150600.11.6.1 added - libcurl4-8.14.1-150700.7.5.1 added - libpq5-18.1-150600.13.3.1 updated - postgresql-18-150700.23.3.1 updated - postgresql-server-18-150700.23.3.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:43:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:43:02 +0100 (CET) Subject: SUSE-CU-2025:8935-1: Security update of suse/postgres Message-ID: <20251212104302.C79FDFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8935-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-81.3 Container Release : 81.3 Severity : important Type : security References : 1154884 1154887 1175825 1180138 1197771 1245309 1245310 1245311 1245314 1246197 1246974 1249191 1249348 1249367 1249375 1251264 1253332 1253333 1253757 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2025-10148 CVE-2025-11563 CVE-2025-12817 CVE-2025-12818 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5372 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:57 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 The following package changes have been done: - libbrotlicommon1-1.0.7-150200.3.5.1 added - libnghttp2-14-1.64.0-150700.1.5 added - libssh-config-0.9.8-150600.11.6.1 added - libunistring2-0.9.10-1.1 added - libbrotlidec1-1.0.7-150200.3.5.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libssh4-0.9.8-150600.11.6.1 added - libcurl4-8.14.1-150700.7.5.1 added - libpq5-18.1-150600.13.3.1 updated - postgresql-18-150700.23.3.1 updated - postgresql-server-18-150700.23.3.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:43:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:43:03 +0100 (CET) Subject: SUSE-CU-2025:8936-1: Recommended update of suse/postgres Message-ID: <20251212104303.D8C55FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8936-1 Container Tags : suse/postgres:16 , suse/postgres:16.10 , suse/postgres:16.10 , suse/postgres:16.10-81.4 Container Release : 81.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:43:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:43:21 +0100 (CET) Subject: SUSE-CU-2025:8937-1: Security update of suse/postgres Message-ID: <20251212104321.2EB51FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8937-1 Container Tags : suse/postgres:17 , suse/postgres:17.7 , suse/postgres:17.7 , suse/postgres:17.7-71.3 , suse/postgres:latest Container Release : 71.3 Severity : important Type : security References : 1154884 1154887 1175825 1180138 1197771 1245309 1245310 1245311 1245314 1246197 1246974 1249191 1249348 1249367 1249375 1251264 1253332 1253333 1253757 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2025-10148 CVE-2025-11563 CVE-2025-12817 CVE-2025-12818 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5372 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:57 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 The following package changes have been done: - libbrotlicommon1-1.0.7-150200.3.5.1 added - libnghttp2-14-1.64.0-150700.1.5 added - libssh-config-0.9.8-150600.11.6.1 added - libunistring2-0.9.10-1.1 added - libbrotlidec1-1.0.7-150200.3.5.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libssh4-0.9.8-150600.11.6.1 added - libcurl4-8.14.1-150700.7.5.1 added - libpq5-18.1-150600.13.3.1 updated - postgresql-18-150700.23.3.1 updated - postgresql17-17.7-150600.13.19.1 updated - postgresql-server-18-150700.23.3.1 updated - postgresql17-server-17.7-150600.13.19.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:43:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:43:22 +0100 (CET) Subject: SUSE-CU-2025:8938-1: Recommended update of suse/postgres Message-ID: <20251212104322.35FC4FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8938-1 Container Tags : suse/postgres:17 , suse/postgres:17.7 , suse/postgres:17.7 , suse/postgres:17.7-71.4 , suse/postgres:latest Container Release : 71.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:43:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:43:47 +0100 (CET) Subject: SUSE-CU-2025:8939-1: Security update of suse/kiosk/pulseaudio Message-ID: <20251212104347.A198AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8939-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-67.15 , suse/kiosk/pulseaudio:latest Container Release : 67.15 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:44:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:44:18 +0100 (CET) Subject: SUSE-CU-2025:8940-1: Recommended update of bci/python Message-ID: <20251212104418.6E104FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8940-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.9 , bci/python:3.13.9-80.12 , bci/python:latest Container Release : 80.12 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4340-1 Released: Wed Dec 10 10:00:35 2025 Summary: Recommended update for python313 Type: recommended Severity: moderate References: This update for python313 fixes the following issues: - Remove unneeded files The following package changes have been done: - libpython3_13-1_0-3.13.9-150700.4.33.1 updated - python313-base-3.13.9-150700.4.33.1 updated - python313-3.13.9-150700.4.33.1 updated - python313-devel-3.13.9-150700.4.33.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:44:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:44:51 +0100 (CET) Subject: SUSE-CU-2025:8941-1: Security update of bci/python Message-ID: <20251212104451.3DFF7FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8941-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-77.11 Container Release : 77.11 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated - python3-devel-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:45:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:45:05 +0100 (CET) Subject: SUSE-CU-2025:8942-1: Recommended update of suse/mariadb-client Message-ID: <20251212104505.8F426FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8942-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.3 , suse/mariadb-client:11.8.3-65.8 , suse/mariadb-client:latest Container Release : 65.8 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:45:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:45:21 +0100 (CET) Subject: SUSE-CU-2025:8943-1: Security update of suse/mariadb Message-ID: <20251212104521.A07C5FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8943-1 Container Tags : suse/mariadb:11.8 , suse/mariadb:11.8.3 , suse/mariadb:11.8.3-67.10 , suse/mariadb:latest Container Release : 67.10 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:45:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:45:51 +0100 (CET) Subject: SUSE-CU-2025:8944-1: Recommended update of bci/ruby Message-ID: <20251212104551.93691FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8944-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-19.12 Container Release : 19.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:46:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:46:20 +0100 (CET) Subject: SUSE-CU-2025:8945-1: Recommended update of bci/ruby Message-ID: <20251212104620.AFB52FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8945-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-18.11 , bci/ruby:latest Container Release : 18.11 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:46:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:46:48 +0100 (CET) Subject: SUSE-CU-2025:8946-1: Security update of suse/samba-client Message-ID: <20251212104648.90A49FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8946-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-69.12 , suse/samba-client:latest Container Release : 69.12 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:47:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:47:11 +0100 (CET) Subject: SUSE-CU-2025:8947-1: Security update of suse/samba-server Message-ID: <20251212104711.C50C8FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8947-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-69.14 , suse/samba-server:latest Container Release : 69.14 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:47:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:47:31 +0100 (CET) Subject: SUSE-CU-2025:8948-1: Security update of suse/samba-toolbox Message-ID: <20251212104731.32084FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8948-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-69.12 , suse/samba-toolbox:latest Container Release : 69.12 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:48:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:48:09 +0100 (CET) Subject: SUSE-CU-2025:8949-1: Security update of bci/spack Message-ID: <20251212104809.32096FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8949-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-19.14 , bci/spack:latest Container Release : 19.14 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - libquadmath0-15.2.0+git10201-150000.1.6.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:48:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:48:23 +0100 (CET) Subject: SUSE-CU-2025:8950-1: Recommended update of suse/stunnel Message-ID: <20251212104823.B38ABFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8950-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-68.8 , suse/stunnel:latest Container Release : 68.8 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:48:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:48:39 +0100 (CET) Subject: SUSE-CU-2025:8951-1: Recommended update of suse/valkey Message-ID: <20251212104839.E63C9FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8951-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.6 , suse/valkey:8.0.6-67.9 , suse/valkey:latest Container Release : 67.9 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:48:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:48:53 +0100 (CET) Subject: SUSE-CU-2025:8952-1: Recommended update of suse/kiosk/xorg-client Message-ID: <20251212104853.B0C53FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8952-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-69.11 , suse/kiosk/xorg-client:latest Container Release : 69.11 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:49:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:49:20 +0100 (CET) Subject: SUSE-CU-2025:8953-1: Recommended update of suse/kiosk/xorg Message-ID: <20251212104920.C9921FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8953-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-71.15 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 71.15 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-micro-15.7-7d103f4317c8c7eae4d0126d34c8b7a92769b44764a526a63325f0ca24150092-0 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:52:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:52:23 +0100 (CET) Subject: SUSE-CU-2025:8954-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20251212105223.1E1EFFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8954-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.1 , suse/manager/4.3/proxy-httpd:4.3.16.1.9.70.16 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.70.16 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - python3-base-3.6.15-150300.10.100.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 10:54:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 11:54:04 +0100 (CET) Subject: SUSE-CU-2025:8955-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251212105404.C6553FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8955-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16.1 , suse/manager/4.3/proxy-salt-broker:4.3.16.1.9.60.16 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.60.16 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 11:10:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 12:10:20 +0100 (CET) Subject: SUSE-CU-2025:8955-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251212111020.78D32FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8955-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16.1 , suse/manager/4.3/proxy-salt-broker:4.3.16.1.9.60.16 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.60.16 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 11:13:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 12:13:29 +0100 (CET) Subject: SUSE-CU-2025:8957-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20251212111329.9B044FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8957-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.16.1 , suse/manager/4.3/proxy-ssh:4.3.16.1.9.60.9 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.60.9 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 11:15:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 12:15:09 +0100 (CET) Subject: SUSE-CU-2025:8958-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20251212111509.05110FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8958-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.16.1 , suse/manager/4.3/proxy-tftpd:4.3.16.1.9.60.8 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.60.8 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 12 11:22:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Dec 2025 12:22:16 +0100 (CET) Subject: SUSE-CU-2025:8961-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20251212112216.E57DCFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8961-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.211 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.211 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - python3-base-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:06:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:06:02 +0100 (CET) Subject: SUSE-IU-2025:3893-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20251213080602.8C5D3FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3893-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.228 , suse/sle-micro/base-5.5:latest Image Release : 5.8.228 Severity : moderate Type : recommended References : 1233655 510058 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4377-1 Released: Fri Dec 12 10:37:09 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). The following package changes have been done: - libdevmapper1_03-2.03.22_1.02.196-150500.7.18.4 updated - libdevmapper-event1_03-2.03.22_1.02.196-150500.7.18.4 updated - device-mapper-2.03.22_1.02.196-150500.7.18.4 updated - liblvm2cmd2_03-2.03.22-150500.7.18.4 updated - lvm2-2.03.22-150500.7.18.4 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:07:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:07:21 +0100 (CET) Subject: SUSE-IU-2025:3894-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20251213080721.EB447FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3894-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.437 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.437 Severity : moderate Type : recommended References : 1233655 510058 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4377-1 Released: Fri Dec 12 10:37:09 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). The following package changes have been done: - libdevmapper1_03-2.03.22_1.02.196-150500.7.18.4 updated - libdevmapper-event1_03-2.03.22_1.02.196-150500.7.18.4 updated - device-mapper-2.03.22_1.02.196-150500.7.18.4 updated - liblvm2cmd2_03-2.03.22-150500.7.18.4 updated - lvm2-2.03.22-150500.7.18.4 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.228 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:18:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:18:07 +0100 (CET) Subject: SUSE-CU-2025:8965-1: Security update of bci/bci-base-fips Message-ID: <20251213081807.4F099FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8965-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.37.11 Container Release : 37.11 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - python3-base-3.6.15-150300.10.100.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - container:registry.suse.com-bci-bci-base-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:19:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:19:27 +0100 (CET) Subject: SUSE-CU-2025:8966-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20251213081927.6AF66FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8966-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.143 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.143 Severity : important Type : security References : 1233655 1250655 1250664 1253043 1253260 1254094 510058 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4338-1 Released: Wed Dec 10 08:31:14 2025 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1253260,1254094 This update for multipath-tools fixes the following issues: - Log offline path state if 'log_checker_err always' is set (bsc#1254094) - CI: GitHub workflow updates. No code changes. - Backported fixes from upstream 0.9.9 ... 0.10.5 (bsc#1253260) * Updates to the built-in hardware table: + Add some NVMe storage array (VASTData, Infinidat, HITACHI VSP) + Add QSAN + Add EqualLogic PS + Add Quantum devices + Enable ALUA for AStor/NeoSapphire + Update NFINIDAT/InfiniBox config + Fix product blacklist of S/390 devices + Add Seagate Lyve + Add HITACHI VSP One SDS Block + Add SCST (SCSI Target Subsystem for Linux) + Huawei storage arrays + XSG1 vendors * Avoid a possible system hang during shutdown with queueing multipath maps. * Failed paths should be checked every `polling_interval`. In certain cases, this wouldn't happen, because the check interval wasn't reset by multipathd. * It could happen that multipathd would accidentally release a SCSI persistent reservation held by another node. * After manually failing some paths and then reinstating them, sometimes the reinstated paths were immediately failed again by multipathd. * Fixed the problem that, if there were multiple maps with deferred failback (`failback` value is greater than 0 in `multipath.conf`), some maps might fail back later than configured. * Fixed a problem in the marginal path detection algorithm that could cause the io error check for a recently failed path to be delayed. * Fixed a minor bug in the config file parser * Fixed minor issues detected by coverity. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4373-1 Released: Fri Dec 12 10:05:12 2025 Summary: Security update for container-suseconnect Type: security Severity: moderate References: This update for container-suseconnect rebuilds it against current go security release. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4375-1 Released: Fri Dec 12 10:19:46 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1250655,1250664 This update for suse-module-tools fixes the following issues: - Version update 15.6.13 - Fixing spec file (bsc#1250664). - Fixing compile problems on livepatch dir when checking for unresolved symbols (bsc#1250655). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4378-1 Released: Fri Dec 12 10:37:36 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). The following package changes have been done: - container-suseconnect-2.5.5-150000.4.75.1 updated - device-mapper-2.03.22_1.02.196-150600.3.9.3 updated - kpartx-0.9.8+247+suse.863ae86f-150600.3.6.1 updated - libdevmapper-event1_03-2.03.22_1.02.196-150600.3.9.3 updated - libdevmapper1_03-2.03.22_1.02.196-150600.3.9.3 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libmpath0-0.9.8+247+suse.863ae86f-150600.3.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - multipath-tools-0.9.8+247+suse.863ae86f-150600.3.6.1 updated - suse-module-tools-15.6.13-150600.3.14.2 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:23:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:23:06 +0100 (CET) Subject: SUSE-CU-2025:8969-1: Recommended update of bci/python Message-ID: <20251213082306.407CCFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8969-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.12 , bci/python:3.12.12-76.14 Container Release : 76.14 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:25:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:25:26 +0100 (CET) Subject: SUSE-CU-2025:8971-1: Security update of suse/sle15 Message-ID: <20251213082526.E77C7FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8971-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.17 , suse/sle15:15.6 , suse/sle15:15.6.47.26.17 Container Release : 47.26.17 Severity : moderate Type : security References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4373-1 Released: Fri Dec 12 10:05:12 2025 Summary: Security update for container-suseconnect Type: security Severity: moderate References: This update for container-suseconnect rebuilds it against current go security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.75.1 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:26:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:26:54 +0100 (CET) Subject: SUSE-CU-2025:8972-1: Security update of bci/spack Message-ID: <20251213082654.4240FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8972-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.94 Container Release : 11.94 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - libquadmath0-15.2.0+git10201-150000.1.6.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - container:registry.suse.com-bci-bci-base-15.6-4b95c77231b92da253b058be151cd43f3a62e809b8199172091bb28250e481f7-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:27:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:27:23 +0100 (CET) Subject: SUSE-CU-2025:8974-1: Recommended update of suse/389-ds Message-ID: <20251213082723.4665CFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8974-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-65.12 , suse/389-ds:latest Container Release : 65.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:27:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:27:44 +0100 (CET) Subject: SUSE-CU-2025:8975-1: Security update of bci/bci-base-fips Message-ID: <20251213082744.963D8FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8975-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-12.8 , bci/bci-base-fips:latest Container Release : 12.8 Severity : moderate Type : security References : 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - python3-base-3.6.15-150300.10.100.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:27:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:27:50 +0100 (CET) Subject: SUSE-CU-2025:8976-1: Recommended update of bci/dotnet-sdk Message-ID: <20251213082750.22D0AFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8976-1 Container Tags : bci/dotnet-sdk:10.0 , bci/dotnet-sdk:10.0.0 , bci/dotnet-sdk:10.0.0-4.4 , bci/dotnet-sdk:latest Container Release : 4.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:28:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:28:11 +0100 (CET) Subject: SUSE-CU-2025:8977-1: Recommended update of bci/dotnet-sdk Message-ID: <20251213082811.A2E0AFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8977-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.22 , bci/dotnet-sdk:8.0.22-76.4 Container Release : 76.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:28:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:28:33 +0100 (CET) Subject: SUSE-CU-2025:8978-1: Recommended update of bci/dotnet-sdk Message-ID: <20251213082833.34D2DFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8978-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.11 , bci/dotnet-sdk:9.0.11-36.4 Container Release : 36.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:29:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:29:18 +0100 (CET) Subject: SUSE-CU-2025:8980-1: Recommended update of bci/bci-init Message-ID: <20251213082918.4D97CFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8980-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-47.10 , bci/bci-init:latest Container Release : 47.10 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:29:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:29:35 +0100 (CET) Subject: SUSE-CU-2025:8981-1: Recommended update of suse/kea Message-ID: <20251213082935.A3126FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kea ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8981-1 Container Tags : suse/kea:2.6 , suse/kea:2.6-67.9 , suse/kea:latest Container Release : 67.9 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/kea was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:29:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:29:44 +0100 (CET) Subject: SUSE-CU-2025:8982-1: Security update of suse/kubectl Message-ID: <20251213082944.48357FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8982-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.67.9 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.67.9 Container Release : 67.9 Severity : important Type : security References : ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4380-1 Released: Fri Dec 12 11:18:53 2025 Summary: Security update for kubernetes-client Type: security Severity: important References: This update for kubernetes client rebuilds it against current the go release to fix bugs and security issues in the go stdlib. The following package changes have been done: - kubernetes1.31-client-1.31.9-150600.13.15.2 updated - kubernetes1.31-client-common-1.31.9-150600.13.15.2 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:29:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:29:52 +0100 (CET) Subject: SUSE-CU-2025:8983-1: Security update of suse/kubectl Message-ID: <20251213082952.D1ACFFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8983-1 Container Tags : suse/kubectl:1.33 , suse/kubectl:1.33.1 , suse/kubectl:1.33.1-1.67.9 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.67.9 Container Release : 67.9 Severity : important Type : security References : ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4381-1 Released: Fri Dec 12 11:19:10 2025 Summary: Security update for kubernetes-client Type: security Severity: important References: This update for kubernetes client rebuilds it against current the go release to fix bugs and security issues in the go stdlib. The following package changes have been done: - kubernetes1.33-client-1.33.1-150600.13.15.2 updated - kubernetes1.33-client-common-1.33.1-150600.13.15.2 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:30:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:30:13 +0100 (CET) Subject: SUSE-CU-2025:8984-1: Recommended update of bci/nodejs Message-ID: <20251213083013.27E2FFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8984-1 Container Tags : bci/node:22 , bci/node:22.15.1 , bci/node:22.15.1-14.10 , bci/node:latest , bci/nodejs:22 , bci/nodejs:22.15.1 , bci/nodejs:22.15.1-14.10 , bci/nodejs:latest Container Release : 14.10 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:30:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:30:34 +0100 (CET) Subject: SUSE-CU-2025:8985-1: Recommended update of bci/openjdk Message-ID: <20251213083034.893F8FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8985-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.17.0 , bci/openjdk:17.0.17.0-13.14 Container Release : 13.14 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:10:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:10:17 +0100 (CET) Subject: SUSE-CU-2025:8986-1: Recommended update of bci/dotnet-aspnet Message-ID: <20251214081017.951DCFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8986-1 Container Tags : bci/dotnet-aspnet:10.0 , bci/dotnet-aspnet:10.0.0 , bci/dotnet-aspnet:10.0.0-4.4 , bci/dotnet-aspnet:latest Container Release : 4.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:10:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:10:45 +0100 (CET) Subject: SUSE-CU-2025:8987-1: Recommended update of bci/dotnet-aspnet Message-ID: <20251214081045.AD320FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8987-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.22 , bci/dotnet-aspnet:8.0.22-76.4 Container Release : 76.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:11:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:11:04 +0100 (CET) Subject: SUSE-CU-2025:8988-1: Recommended update of bci/dotnet-aspnet Message-ID: <20251214081104.35B7FFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8988-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.11 , bci/dotnet-aspnet:9.0.11-35.4 Container Release : 35.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:11:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:11:07 +0100 (CET) Subject: SUSE-CU-2025:8989-1: Recommended update of bci/dotnet-runtime Message-ID: <20251214081107.6854DFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8989-1 Container Tags : bci/dotnet-runtime:10.0 , bci/dotnet-runtime:10.0.0 , bci/dotnet-runtime:10.0.0-4.4 , bci/dotnet-runtime:latest Container Release : 4.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:11:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:11:31 +0100 (CET) Subject: SUSE-CU-2025:8990-1: Recommended update of bci/dotnet-runtime Message-ID: <20251214081131.4F00BFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8990-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.22 , bci/dotnet-runtime:8.0.22-76.4 Container Release : 76.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:11:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:11:56 +0100 (CET) Subject: SUSE-CU-2025:8991-1: Recommended update of bci/dotnet-runtime Message-ID: <20251214081156.D7A1DFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8991-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.11 , bci/dotnet-runtime:9.0.11-35.4 Container Release : 35.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:12:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:12:19 +0100 (CET) Subject: SUSE-CU-2025:8985-1: Recommended update of bci/openjdk Message-ID: <20251214081219.948E5FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8985-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.17.0 , bci/openjdk:17.0.17.0-13.14 Container Release : 13.14 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:12:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:12:42 +0100 (CET) Subject: SUSE-CU-2025:8992-1: Recommended update of bci/openjdk-devel Message-ID: <20251214081242.AB923FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8992-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-18.4 Container Release : 18.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:bci-openjdk-21-15.7.21-17.4 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:13:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:13:01 +0100 (CET) Subject: SUSE-CU-2025:8993-1: Recommended update of bci/openjdk Message-ID: <20251214081301.A46F5FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8993-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-17.4 Container Release : 17.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:13:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:13:03 +0100 (CET) Subject: SUSE-CU-2025:8994-1: Recommended update of bci/openjdk-devel Message-ID: <20251214081303.8B95FFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8994-1 Container Tags : bci/openjdk-devel:25 , bci/openjdk-devel:25.0.1.0 , bci/openjdk-devel:25.0.1.0-2.4 , bci/openjdk-devel:latest Container Release : 2.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:bci-openjdk-25-15.7.25-2.4 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:13:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:13:05 +0100 (CET) Subject: SUSE-CU-2025:8995-1: Recommended update of bci/openjdk Message-ID: <20251214081305.70870FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8995-1 Container Tags : bci/openjdk:25 , bci/openjdk:25.0.1.0 , bci/openjdk:25.0.1.0-2.4 , bci/openjdk:latest Container Release : 2.4 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:13:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:13:26 +0100 (CET) Subject: SUSE-CU-2025:8996-1: Security update of suse/postgres Message-ID: <20251214081326.4E9A0FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8996-1 Container Tags : suse/postgres:16 , suse/postgres:16.11 , suse/postgres:16.11 , suse/postgres:16.11-81.5 Container Release : 81.5 Severity : important Type : security References : 1253332 1253333 CVE-2025-12817 CVE-2025-12818 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4388-1 Released: Fri Dec 12 14:36:27 2025 Summary: Security update for postgresql16 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql16 fixes the following issues: Upgraded to 16.11: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. The following package changes have been done: - postgresql16-16.11-150600.16.25.1 updated - postgresql16-server-16.11-150600.16.25.1 updated - container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:13:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:13:52 +0100 (CET) Subject: SUSE-CU-2025:8997-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20251214081352.57347FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8997-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-67.16 , suse/kiosk/pulseaudio:latest Container Release : 67.16 Severity : moderate Type : recommended References : 1246691 1250655 1250664 510058 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4374-1 Released: Fri Dec 12 10:19:34 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1250655,1250664 This update for suse-module-tools fixes the following issues: - Version update 15.7.8. - Fixing spec file (bsc#1250664). - Fixing compile problems on livepatch dir when checking for unresolved symbols (bsc#1250655). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4376-1 Released: Fri Dec 12 10:36:45 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1246691,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - systemd fails to start lvmlockd with sanlock running (bsc#1246691). The following package changes have been done: - libdevmapper1_03-2.03.24_1.02.198-150700.7.3.3 updated - suse-module-tools-15.7.8-150700.3.8.3 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:14:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:14:14 +0100 (CET) Subject: SUSE-CU-2025:8998-1: Recommended update of suse/rmt-server Message-ID: <20251214081414.CBCE2FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8998-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.23 , suse/rmt-server:2.23-77.9 , suse/rmt-server:latest Container Release : 77.9 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:14:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:14:30 +0100 (CET) Subject: SUSE-CU-2025:8999-1: Recommended update of bci/rust Message-ID: <20251214081430.3E27EFB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:8999-1 Container Tags : bci/rust:1.90 , bci/rust:1.90.0 , bci/rust:1.90.0-2.2.6 , bci/rust:oldstable , bci/rust:oldstable-2.2.6 Container Release : 2.6 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libasan8-15.2.0+git10201-150000.1.6.1 updated - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libhwasan0-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - libtsan2-15.2.0+git10201-150000.1.6.1 updated - libubsan1-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:14:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:14:54 +0100 (CET) Subject: SUSE-CU-2025:9000-1: Recommended update of bci/rust Message-ID: <20251214081454.A6D37FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9000-1 Container Tags : bci/rust:1.91 , bci/rust:1.91.0 , bci/rust:1.91.0-1.2.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.5 Container Release : 2.5 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - libubsan1-15.2.0+git10201-150000.1.6.1 updated - libtsan2-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - libhwasan0-15.2.0+git10201-150000.1.6.1 updated - libasan8-15.2.0+git10201-150000.1.6.1 updated - cpp15-15.2.0+git10201-150000.1.6.1 updated - gcc15-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:15:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:15:15 +0100 (CET) Subject: SUSE-CU-2025:9002-1: Security update of suse/sle15 Message-ID: <20251214081515.BD3C8FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9002-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-5.14.3 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.14.3 , suse/sle15:latest Container Release : 5.14.3 Severity : moderate Type : security References : 1253043 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4373-1 Released: Fri Dec 12 10:05:12 2025 Summary: Security update for container-suseconnect Type: security Severity: moderate References: This update for container-suseconnect rebuilds it against current go security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.75.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:16:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:16:08 +0100 (CET) Subject: SUSE-CU-2025:9004-1: Recommended update of suse/kiosk/xorg Message-ID: <20251214081608.05DC2FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9004-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-71.16 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 71.16 Severity : moderate Type : recommended References : 1246691 1250655 1250664 510058 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4374-1 Released: Fri Dec 12 10:19:34 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1250655,1250664 This update for suse-module-tools fixes the following issues: - Version update 15.7.8. - Fixing spec file (bsc#1250664). - Fixing compile problems on livepatch dir when checking for unresolved symbols (bsc#1250655). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4376-1 Released: Fri Dec 12 10:36:45 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1246691,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - systemd fails to start lvmlockd with sanlock running (bsc#1246691). The following package changes have been done: - libdevmapper1_03-2.03.24_1.02.198-150700.7.3.3 updated - suse-module-tools-15.7.8-150700.3.8.3 updated From sle-container-updates at lists.suse.com Sun Dec 14 08:18:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 09:18:47 +0100 (CET) Subject: SUSE-CU-2025:9005-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20251214081847.A970EFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9005-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.212 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.212 Severity : moderate Type : security References : ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4373-1 Released: Fri Dec 12 10:05:12 2025 Summary: Security update for container-suseconnect Type: security Severity: moderate References: This update for container-suseconnect rebuilds it against current go security release. The following package changes have been done: - container-suseconnect-2.5.5-150000.4.75.1 updated From sle-container-updates at lists.suse.com Sat Dec 13 08:03:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:03:06 +0100 (CET) Subject: SUSE-IU-2025:3889-1: Security update of suse-sles-15-sp6-chost-byos-v20251211-x86_64-gen2 Message-ID: <20251213080306.65392FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20251211-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3889-1 Image Tags : suse-sles-15-sp6-chost-byos-v20251211-x86_64-gen2:20251211 Image Release : Severity : critical Type : security References : 1001888 1006827 1012628 1027519 1029961 1098094 1098228 1170554 1192862 1206798 1214954 1215143 1215199 1216396 1220419 1224138 1224386 1229750 1231055 1232526 1233529 1236743 1236744 1237236 1237240 1237241 1237242 1238491 1239206 1239566 1239938 1240788 1241132 1241219 1243381 1243794 1243991 1244050 1244939 1245190 1245199 1245953 1246544 1247498 1248211 1248230 1248501 1248517 1248630 1248754 1248807 1248816 1248886 1249055 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250593 1250650 1250702 1250704 1250721 1250742 1250754 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251198 1251199 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251271 1251282 1251283 1251286 1251290 1251305 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252110 1252148 1252160 1252232 1252232 1252236 1252265 1252269 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252378 1252379 1252380 1252425 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252930 1252931 1252932 1252933 1252934 1252935 1252939 1252974 1253001 1253043 1253126 1253132 1253741 1253757 1254132 1254362 529469 837347 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2024-25621 CVE-2025-11563 CVE-2025-1352 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-27466 CVE-2025-31133 CVE-2025-31133 CVE-2025-3576 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 CVE-2025-40778 CVE-2025-40780 CVE-2025-52565 CVE-2025-52565 CVE-2025-52881 CVE-2025-52881 CVE-2025-54770 CVE-2025-54771 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148 CVE-2025-6075 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-61984 CVE-2025-61985 CVE-2025-64329 CVE-2025-7039 CVE-2025-8291 CVE-2025-8677 CVE-2025-9820 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20251211-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3794-1 Released: Fri Oct 24 17:36:29 2025 Summary: Security update for chrony Type: security Severity: moderate References: 1246544 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544). This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3798-1 Released: Mon Oct 27 08:58:14 2025 Summary: Security update for xen Type: security Severity: important References: 1027519,1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148 This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475) - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:05:59 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3851-1 Released: Wed Oct 29 15:04:32 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750,1250593 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3854-1 Released: Wed Oct 29 15:10:39 2025 Summary: Recommended update for cifs-utils Type: recommended Severity: moderate References: 1248816 This update for cifs-utils fixes the following issues: - Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or not exist (bsc#1248816) * cifs-utils: Skip TGT check if there is a valid service ticket * cifs-utils: avoid using mktemp when updating mtab * cifs-utils: add documentation for upcall_target * setcifsacl: fix memory allocation for struct cifs_ace * cifs.upcall: fix UAF in get_cachename_from_process_en * cifs.upcall: fix memory leaks in check_service_ticket ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3950-1 Released: Wed Nov 5 11:22:31 2025 Summary: Security update for runc Type: security Severity: important References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4067-1 Released: Wed Nov 12 09:03:26 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4073-1 Released: Wed Nov 12 11:34:27 2025 Summary: Security update for runc Type: security Severity: important References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from Update to runc v1.3.0. Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4110-1 Released: Fri Nov 14 16:56:18 2025 Summary: Security update for bind Type: security Severity: important References: 1252378,1252379,1252380,CVE-2025-40778,CVE-2025-40780,CVE-2025-8677 This update for bind fixes the following issues: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4140-1 Released: Wed Nov 19 14:15:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1 251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252236,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560, CVE-2023-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-202 3-53707,CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-2025-39987 ,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI: battery: Add synchronization between interface updates (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4177-1 Released: Mon Nov 24 08:25:42 2025 Summary: Recommended update for python-azure-agent Type: recommended Severity: important References: 1253001 This update for python-azure-agent fixes the following issues: - Update to version 2.14.0.1 (bsc#1253001) * FIPS 140-3 support * Block extensions disallowed by policy * Report ext policy errors in heartbeat * Implement signature validation helper functions * Prevent ssh public key override * Use proper filesystem creation flag for btrfs * Enable resource monitoring in cgroup v2 machines * Update agent cgroup cleanup * Add cgroupv2 distros to supported list * Clean old agent cgroup setup * Redact sas tokens in telemetry events and agent log * Add conf option to use hardcoded wireserver ip instead of dhcp request to discover wireserver ip * Support for python 3.12 * Update telemetry message for agent updates and send new telemetry for ext resource governance * Disable rsm downgrade * Add community support for Chainguard OS * Swap out legacycrypt for crypt-r for Python 3.13+ * Pin setuptools version * Set the agent config file path for FreeBSD * Handle errors importing crypt module - From 2.13.1.1 * Setup: Fix install_requires list syntax * Pickup latest goal state on tenant certificate rotation + Avoid infinite loop when the tenant certificate is missing * Fix unsupported syntax in py2.6 * Cgroup rewrite: uses systemctl for expressing desired configuration instead drop-in files * Remove usages of tempfile.mktemp * Use random time for attempting new Agent update * Enable logcollector in v2 machines * Clean history files * Missing firewall rules reason * Add support for nftables (+ refactoring of firewall code) * Create walinuxagent nftable atomically ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4196-1 Released: Mon Nov 24 11:54:23 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1236744,1241132,1245953,1252269,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) Other fixes: - Bump upstream SBAT generation to 6 - Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) - Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132) - Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744, bsc#1252269) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4279-1 Released: Thu Nov 27 14:16:36 2025 Summary: Recommended update for hyper-v Type: recommended Severity: moderate References: hyper-v was updated to fix the following issue: - hyper-v is shipped on Aarch64. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4288-1 Released: Fri Nov 28 09:25:32 2025 Summary: Security update for containerd Type: security Severity: important References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329 This update for containerd fixes the following issues: - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126) - CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. - Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4326-1 Released: Tue Dec 9 11:31:28 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bind-utils-9.18.33-150600.3.18.1 updated - chrony-pool-suse-4.1-150400.21.8.1 updated - chrony-4.1-150400.21.8.1 updated - cifs-utils-6.15-150400.3.18.1 updated - containerd-ctr-1.7.29-150000.128.1 updated - containerd-1.7.29-150000.128.1 updated - curl-8.14.1-150600.4.31.1 updated - elfutils-0.185-150400.5.8.3 updated - glib2-tools-2.78.6-150600.4.22.1 updated - grub2-i386-pc-2.12-150600.8.44.2 updated - grub2-x86_64-efi-2.12-150600.8.44.2 updated - grub2-2.12-150600.8.44.2 updated - hyper-v-9-150200.14.14.1 updated - kernel-default-6.4.0-150600.23.78.1 updated - kmod-29-150600.13.3.1 updated - krb5-1.20.1-150600.11.14.1 updated - libasm1-0.185-150400.5.8.3 updated - libcurl4-8.14.1-150600.4.31.1 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated - libfreetype6-2.10.4-150000.4.25.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgnutls30-3.8.3-150600.4.12.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated - libkmod2-29-150600.13.3.1 updated - libpci3-3.13.0-150300.13.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - libreadline7-7.0-150400.27.6.1 updated - libsasl2-3-2.1.28-150600.7.14.1 updated - libselinux1-3.5-150600.3.3.1 updated - libsolv-tools-base-0.7.34-150600.8.19.2 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libsystemd0-254.27-150600.4.46.2 updated - libudev1-254.27-150600.4.46.2 updated - openssh-clients-9.6p1-150600.6.34.1 updated - openssh-common-9.6p1-150600.6.34.1 updated - openssh-server-9.6p1-150600.6.34.1 updated - openssh-9.6p1-150600.6.34.1 updated - pciutils-3.13.0-150300.13.9.1 updated - python-azure-agent-config-server-2.14.0.1-150100.3.53.1 updated - python-azure-agent-2.14.0.1-150100.3.53.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated - runc-1.3.4-150000.88.1 updated - sles-release-15.6-150600.64.9.2 updated - systemd-254.27-150600.4.46.2 updated - udev-254.27-150600.4.46.2 updated - vim-data-common-9.1.1629-150500.20.38.1 updated - vim-9.1.1629-150500.20.38.1 updated - xen-libs-4.18.5_06-150600.3.31.2 updated - catatonit-0.2.0-150500.3.3.1 removed - docker-28.3.3_ce-150000.230.1 removed From sle-container-updates at lists.suse.com Sat Dec 13 08:03:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:03:18 +0100 (CET) Subject: SUSE-IU-2025:3890-1: Security update of suse-sles-15-sp6-chost-byos-v20251211-hvm-ssd-x86_64 Message-ID: <20251213080318.6AB55FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20251211-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3890-1 Image Tags : suse-sles-15-sp6-chost-byos-v20251211-hvm-ssd-x86_64:20251211 Image Release : Severity : critical Type : security References : 1001888 1006827 1012628 1027519 1029961 1098094 1098228 1170554 1192862 1206798 1214954 1215143 1215199 1216396 1220419 1224138 1224386 1229750 1231055 1232526 1233529 1236743 1236744 1237236 1237240 1237241 1237242 1238491 1239206 1239566 1239938 1240788 1241132 1241219 1243381 1243794 1243991 1244050 1244939 1245190 1245199 1245953 1246544 1247498 1248211 1248230 1248501 1248517 1248630 1248754 1248807 1248816 1248886 1249055 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250593 1250650 1250702 1250704 1250721 1250742 1250754 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251198 1251199 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251271 1251282 1251283 1251286 1251290 1251305 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252110 1252148 1252160 1252232 1252232 1252236 1252265 1252269 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252378 1252379 1252380 1252425 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252930 1252931 1252932 1252933 1252934 1252935 1252939 1252974 1253043 1253126 1253132 1253741 1253757 1254132 1254362 529469 837347 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2024-25621 CVE-2025-11563 CVE-2025-1352 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-27466 CVE-2025-31133 CVE-2025-31133 CVE-2025-3576 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 CVE-2025-40778 CVE-2025-40780 CVE-2025-52565 CVE-2025-52565 CVE-2025-52881 CVE-2025-52881 CVE-2025-54770 CVE-2025-54771 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148 CVE-2025-6075 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-61984 CVE-2025-61985 CVE-2025-64329 CVE-2025-7039 CVE-2025-8291 CVE-2025-8677 CVE-2025-9820 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20251211-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3794-1 Released: Fri Oct 24 17:36:29 2025 Summary: Security update for chrony Type: security Severity: moderate References: 1246544 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544). This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3798-1 Released: Mon Oct 27 08:58:14 2025 Summary: Security update for xen Type: security Severity: important References: 1027519,1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148 This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475) - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:05:59 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3851-1 Released: Wed Oct 29 15:04:32 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750,1250593 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3854-1 Released: Wed Oct 29 15:10:39 2025 Summary: Recommended update for cifs-utils Type: recommended Severity: moderate References: 1248816 This update for cifs-utils fixes the following issues: - Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or not exist (bsc#1248816) * cifs-utils: Skip TGT check if there is a valid service ticket * cifs-utils: avoid using mktemp when updating mtab * cifs-utils: add documentation for upcall_target * setcifsacl: fix memory allocation for struct cifs_ace * cifs.upcall: fix UAF in get_cachename_from_process_en * cifs.upcall: fix memory leaks in check_service_ticket ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3950-1 Released: Wed Nov 5 11:22:31 2025 Summary: Security update for runc Type: security Severity: important References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4067-1 Released: Wed Nov 12 09:03:26 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4073-1 Released: Wed Nov 12 11:34:27 2025 Summary: Security update for runc Type: security Severity: important References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from Update to runc v1.3.0. Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4110-1 Released: Fri Nov 14 16:56:18 2025 Summary: Security update for bind Type: security Severity: important References: 1252378,1252379,1252380,CVE-2025-40778,CVE-2025-40780,CVE-2025-8677 This update for bind fixes the following issues: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4140-1 Released: Wed Nov 19 14:15:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1 251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252236,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560, CVE-2023-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-202 3-53707,CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-2025-39987 ,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI: battery: Add synchronization between interface updates (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4196-1 Released: Mon Nov 24 11:54:23 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1236744,1241132,1245953,1252269,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) Other fixes: - Bump upstream SBAT generation to 6 - Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) - Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132) - Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744, bsc#1252269) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4288-1 Released: Fri Nov 28 09:25:32 2025 Summary: Security update for containerd Type: security Severity: important References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329 This update for containerd fixes the following issues: - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126) - CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. - Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4326-1 Released: Tue Dec 9 11:31:28 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bind-utils-9.18.33-150600.3.18.1 updated - chrony-pool-suse-4.1-150400.21.8.1 updated - chrony-4.1-150400.21.8.1 updated - cifs-utils-6.15-150400.3.18.1 updated - containerd-ctr-1.7.29-150000.128.1 updated - containerd-1.7.29-150000.128.1 updated - curl-8.14.1-150600.4.31.1 updated - elfutils-0.185-150400.5.8.3 updated - glib2-tools-2.78.6-150600.4.22.1 updated - grub2-i386-pc-2.12-150600.8.44.2 updated - grub2-x86_64-efi-2.12-150600.8.44.2 updated - grub2-x86_64-xen-2.12-150600.8.44.2 updated - grub2-2.12-150600.8.44.2 updated - kernel-default-6.4.0-150600.23.78.1 updated - kmod-29-150600.13.3.1 updated - krb5-1.20.1-150600.11.14.1 updated - libasm1-0.185-150400.5.8.3 updated - libcurl4-8.14.1-150600.4.31.1 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated - libfreetype6-2.10.4-150000.4.25.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgnutls30-3.8.3-150600.4.12.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated - libkmod2-29-150600.13.3.1 updated - libpci3-3.13.0-150300.13.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - libreadline7-7.0-150400.27.6.1 updated - libsasl2-3-2.1.28-150600.7.14.1 updated - libselinux1-3.5-150600.3.3.1 updated - libsolv-tools-base-0.7.34-150600.8.19.2 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libsystemd0-254.27-150600.4.46.2 updated - libudev1-254.27-150600.4.46.2 updated - openssh-clients-9.6p1-150600.6.34.1 updated - openssh-common-9.6p1-150600.6.34.1 updated - openssh-server-config-disallow-rootlogin-9.6p1-150600.6.34.1 updated - openssh-server-9.6p1-150600.6.34.1 updated - openssh-9.6p1-150600.6.34.1 updated - pciutils-3.13.0-150300.13.9.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated - runc-1.3.4-150000.88.1 updated - sles-release-15.6-150600.64.9.2 updated - systemd-254.27-150600.4.46.2 updated - udev-254.27-150600.4.46.2 updated - vim-data-common-9.1.1629-150500.20.38.1 updated - vim-9.1.1629-150500.20.38.1 updated - xen-libs-4.18.5_06-150600.3.31.2 updated - xen-tools-domU-4.18.5_06-150600.3.31.2 updated - catatonit-0.2.0-150500.3.3.1 removed - docker-28.3.3_ce-150000.230.1 removed - iptables-1.8.7-1.1 removed - libip6tc2-1.8.7-1.1 removed - libnftnl11-1.2.0-150400.1.6 removed - xtables-plugins-1.8.7-1.1 removed From sle-container-updates at lists.suse.com Sat Dec 13 08:03:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Dec 2025 09:03:41 +0100 (CET) Subject: SUSE-IU-2025:3891-1: Security update of sles-15-sp6-chost-byos-v20251211-arm64 Message-ID: <20251213080341.53D5DFB9C@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20251211-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3891-1 Image Tags : sles-15-sp6-chost-byos-v20251211-arm64:20251211 Image Release : Severity : critical Type : security References : 1001888 1006827 1012628 1027519 1029961 1098094 1098228 1170554 1192862 1206798 1214954 1215143 1215199 1216396 1220419 1224138 1224386 1229750 1231055 1232526 1233529 1236743 1236744 1237236 1237240 1237241 1237242 1238491 1239206 1239566 1239938 1240788 1241132 1241219 1243381 1243794 1243991 1244050 1244939 1245190 1245199 1245953 1246544 1246914 1247498 1248211 1248230 1248501 1248517 1248630 1248754 1248807 1248816 1248886 1249055 1249161 1249182 1249224 1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608 1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379 1250400 1250455 1250491 1250519 1250593 1250650 1250702 1250704 1250721 1250742 1250754 1250946 1251024 1251027 1251028 1251031 1251035 1251038 1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059 1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079 1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113 1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146 1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180 1251198 1251199 1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247 1251268 1251269 1251270 1251271 1251282 1251283 1251286 1251290 1251305 1251319 1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743 1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758 1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772 1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035 1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062 1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078 1252079 1252082 1252083 1252110 1252148 1252160 1252232 1252232 1252236 1252265 1252269 1252269 1252332 1252336 1252346 1252348 1252349 1252364 1252378 1252379 1252380 1252425 1252479 1252481 1252489 1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537 1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632 1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775 1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848 1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873 1252902 1252904 1252909 1252918 1252930 1252931 1252932 1252933 1252934 1252935 1252939 1252974 1253043 1253126 1253132 1253741 1253757 1254132 1254362 529469 837347 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540 CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548 CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555 CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560 CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574 CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581 CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596 CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602 CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616 CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622 CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645 CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650 CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657 CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663 CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672 CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687 CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703 CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713 CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726 CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731 CVE-2023-53733 CVE-2024-25621 CVE-2025-11563 CVE-2025-1352 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-27466 CVE-2025-31133 CVE-2025-31133 CVE-2025-3576 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653 CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676 CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794 CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841 CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937 CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088 CVE-2025-40096 CVE-2025-40100 CVE-2025-40778 CVE-2025-40780 CVE-2025-52565 CVE-2025-52565 CVE-2025-52881 CVE-2025-52881 CVE-2025-54770 CVE-2025-54771 CVE-2025-58142 CVE-2025-58143 CVE-2025-58147 CVE-2025-58148 CVE-2025-6075 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-61984 CVE-2025-61985 CVE-2025-64329 CVE-2025-7039 CVE-2025-8291 CVE-2025-8677 CVE-2025-9820 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20251211-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3794-1 Released: Fri Oct 24 17:36:29 2025 Summary: Security update for chrony Type: security Severity: moderate References: 1246544 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544). This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3798-1 Released: Mon Oct 27 08:58:14 2025 Summary: Security update for xen Type: security Severity: important References: 1027519,1248807,1251271,CVE-2025-27466,CVE-2025-58142,CVE-2025-58143,CVE-2025-58147,CVE-2025-58148 This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475) - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:05:59 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3851-1 Released: Wed Oct 29 15:04:32 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750,1250593 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3854-1 Released: Wed Oct 29 15:10:39 2025 Summary: Recommended update for cifs-utils Type: recommended Severity: moderate References: 1248816 This update for cifs-utils fixes the following issues: - Fix: cifs.upcall program in the cifs-utils package fails to use a valid service ticket from the credential cache if the TGT is expired or not exist (bsc#1248816) * cifs-utils: Skip TGT check if there is a valid service ticket * cifs-utils: avoid using mktemp when updating mtab * cifs-utils: add documentation for upcall_target * setcifsacl: fix memory allocation for struct cifs_ace * cifs.upcall: fix UAF in get_cachename_from_process_en * cifs.upcall: fix memory leaks in check_service_ticket ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3950-1 Released: Wed Nov 5 11:22:31 2025 Summary: Security update for runc Type: security Severity: important References: 1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4067-1 Released: Wed Nov 12 09:03:26 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4073-1 Released: Wed Nov 12 11:34:27 2025 Summary: Security update for runc Type: security Severity: important References: 1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881 This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from . bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from Update to runc v1.3.0. Upstream changelog is available from ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4110-1 Released: Fri Nov 14 16:56:18 2025 Summary: Security update for bind Type: security Severity: important References: 1252378,1252379,1252380,CVE-2025-40778,CVE-2025-40780,CVE-2025-8677 This update for bind fixes the following issues: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4140-1 Released: Wed Nov 19 14:15:25 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1 251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252236,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560, CVE-2023-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-202 3-53707,CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-2025-39987 ,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI: battery: Add synchronization between interface updates (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4196-1 Released: Mon Nov 24 11:54:23 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1236744,1241132,1245953,1252269,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) Other fixes: - Bump upstream SBAT generation to 6 - Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) - Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132) - Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744, bsc#1252269) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4288-1 Released: Fri Nov 28 09:25:32 2025 Summary: Security update for containerd Type: security Severity: important References: 1253126,1253132,CVE-2024-25621,CVE-2025-64329 This update for containerd fixes the following issues: - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126) - CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4321-1 Released: Fri Dec 5 08:07:53 2025 Summary: Recommended update for pciutils Type: recommended Severity: moderate References: 1001888,1006827,1029961,1098094,1098228,1170554,1192862,1206798,1224138,529469,837347 This update for pciutils fixes the following issues: pciutils was updated from version 3.5.6 to 3.13.0 (jsc#PED-8402, jsc#PED-8393, bsc#1224138): - Highlights of issues fixed: * Fixed LnkCap speed recognition in `lspci` for multi PCIe ports such as the ML110 Gen11 (bsc#1192862) * Included several non-standard extensions to VPD decoder (bsc#1170554, bsc#1098228) * Fixed the display of the gen4 speed for GEN 4 cards like Mellanox CX5 (bsc#1098094) * Replaced dependency on pciutil-ids with hwdata * Potentially disruptive change of PCI IDs Cache: + The local cache of PCI IDs (.pci-ids) was moved to the XDG standard location: `$XDG_CACHE_HOME/pci-ids` (v3.11.0) This could be a disruptive change if users or scripts are relying on the old path. - Key New Features and Utilities: * New `pcilmr` Utility: A new tool, `pcilmr`, was added for 'PCIe lane margining,' which is a low-level diagnostic feature (v3.11.0) * New `lspci` Path Flag: You can now use `lspci -P` (or -PP) to see the path of bridges leading to a specific device (v3.6.2) * ECAM Support: Added support for the ECAM (Enhanced Configuration Access Mechanism), a standard way to access PCIe configuration space (v3.10.0) * IOMMU Group Display: lspci can now display IOMMU groups on Linux (v3.7.0) - New Hardware and Protocol Decoding: * Added support for decoding CXL capabilities (v3.9.0) * Decoding for Advanced Error Reporting (AER) (v3.13.0) * Decoding for IDE (Integrity and Data Encryption) and TEE-IO extended capabilities (v3.12.0) * Decoding for Data Object Exchange (DOE) (v3.8.0) * Decoding for standard and VF (Virtual Function) Resizable BARs (v3.7.0) * Decoding for Multicast capabilities (v3.6.3) - Improved Output Clarity: * PCIe link speeds running below their maximum are now clearly marked as 'downgraded' (v3.6.0) * BARs (Base Address Registers) reported by the OS but not actually set on the device are marked as '[virtual]' (v3.6.0) - Command Behavior and System Changes: * `lspci` Tree View (-t): + Can now be combined with `-s` to show only a specific sub-tree (v3.6.3) + Improved filtering options (v3.9.0) + Improved support of multi-domain systems (v3.10.0) * `setpci`: + Can now check if a named register exists for that device's header type (v3.9.0) * `update-pciids`: + Now supports XZ compression when downloading new ID lists (v3.11.0) * Database Update: + The pci.ids device database was continuously updated across all versions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4326-1 Released: Tue Dec 9 11:31:28 2025 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1254362 This update for runc fixes the following issues: - Update to runc v1.3.4 (bsc#1254362) - libct: fix mips compilation: * When configuring a tmpfs mount, only set the mode= argument if the target path already existed. * Fix various file descriptor leaks and add additional tests to detect them as comprehensively as possible. - Downgrade github.com/cyphar/filepath-securejoin dependency to v0.5.2, which should make it easier for some downstreams to import runc without pulling in too many extra packages. - The runc binary distributed with this release are statically linked with the following GNU LGPL-2.1 licensed libraries, with runc acting as a 'work that uses the Library': * libseccomp: The versions of these libraries were not modified from their upstream versions ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4332-1 Released: Tue Dec 9 12:56:58 2025 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: important References: 1246914 This update for libnvme, nvme-cli fixes the following issues: Fix: libnvme/nvme-cli TLS PSK generation logic not compliant to RFC 8446: (bsc#1246914) * linux: use EVP_PKEY_CTX_add1_hkdf_info only once in compat function * nvme/linux: check for empty digest in gen_tls_identity() * nvme/linux: add fallback implementation for nvme_insert_tls_key_compat() * linux: fix HKDF TLS key derivation back to OpenSSL 3.0.8 * libnvme: TLS PSK derivation fixes * linux: rename __nvme_insert_tls_key_versioned() to __nvme_insert_tls_key() * linux: rename __nvme_insert_tls_key() to __nvme_import_tls_key() * test/psk: add testcase for TLS identity derivation * linux: set errno when nvme_generate_tls_key_identity() fails * nvme: add --compat flag for 'gen-tls-key' and 'check-tls-key' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - bash-sh-4.4-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bind-utils-9.18.33-150600.3.18.1 updated - chrony-pool-suse-4.1-150400.21.8.1 updated - chrony-4.1-150400.21.8.1 updated - cifs-utils-6.15-150400.3.18.1 updated - containerd-ctr-1.7.29-150000.128.1 updated - containerd-1.7.29-150000.128.1 updated - curl-8.14.1-150600.4.31.1 updated - e2fsprogs-1.47.0-150600.4.6.2 added - elfutils-0.185-150400.5.8.3 updated - glib2-tools-2.78.6-150600.4.22.1 updated - grub2-i386-pc-2.12-150600.8.44.2 updated - grub2-x86_64-efi-2.12-150600.8.44.2 updated - grub2-2.12-150600.8.44.2 updated - kernel-default-6.4.0-150600.23.78.1 updated - kmod-29-150600.13.3.1 updated - krb5-1.20.1-150600.11.14.1 updated - libasm1-0.185-150400.5.8.3 updated - libcurl4-8.14.1-150600.4.31.1 updated - libdw1-0.185-150400.5.8.3 updated - libelf1-0.185-150400.5.8.3 updated - libext2fs2-1.47.0-150600.4.6.2 added - libfreetype6-2.10.4-150000.4.25.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgnutls30-3.8.3-150600.4.12.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated - libkmod2-29-150600.13.3.1 updated - libnvme-mi1-1.8+93.g5986a5a7-150600.3.21.1 updated - libnvme1-1.8+93.g5986a5a7-150600.3.21.1 updated - libpci3-3.13.0-150300.13.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - libreadline7-7.0-150400.27.6.1 updated - libsasl2-3-2.1.28-150600.7.14.1 updated - libselinux1-3.5-150600.3.3.1 updated - libsolv-tools-base-0.7.34-150600.8.19.2 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libsystemd0-254.27-150600.4.46.2 updated - libudev1-254.27-150600.4.46.2 updated - nvme-cli-2.8+95.g1a0c2083-150600.3.24.1 updated - openssh-clients-9.6p1-150600.6.34.1 updated - openssh-common-9.6p1-150600.6.34.1 updated - openssh-server-config-disallow-rootlogin-9.6p1-150600.6.34.1 updated - openssh-server-9.6p1-150600.6.34.1 updated - openssh-9.6p1-150600.6.34.1 updated - pciutils-3.13.0-150300.13.9.1 updated - python3-base-3.6.15-150300.10.100.1 updated - runc-1.3.4-150000.88.1 updated - sles-release-15.6-150600.64.9.2 updated - systemd-254.27-150600.4.46.2 updated - udev-254.27-150600.4.46.2 updated - vim-data-common-9.1.1629-150500.20.38.1 updated - vim-9.1.1629-150500.20.38.1 updated - xen-libs-4.18.5_06-150600.3.31.2 updated - catatonit-0.2.0-150500.3.3.1 removed - docker-28.3.3_ce-150000.230.1 removed - iptables-1.8.7-1.1 removed - libip6tc2-1.8.7-1.1 removed - libnftnl11-1.2.0-150400.1.6 removed - xtables-plugins-1.8.7-1.1 removed From sle-container-updates at lists.suse.com Sun Dec 14 12:38:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 13:38:17 +0100 (CET) Subject: SUSE-CU-2025:9008-1: Recommended update of bci/golang Message-ID: <20251214123817.6A773FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9008-1 Container Tags : bci/golang:1.25 , bci/golang:1.25.5 , bci/golang:1.25.5-1.76.13 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.76.13 Container Release : 76.13 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 12:38:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 13:38:45 +0100 (CET) Subject: SUSE-CU-2025:9009-1: Recommended update of bci/openjdk-devel Message-ID: <20251214123845.8A3D7FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9009-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.17.0 , bci/openjdk-devel:17.0.17.0-14.16 Container Release : 14.16 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:bci-openjdk-17-15.7.17-13.14 updated From sle-container-updates at lists.suse.com Sun Dec 14 12:39:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 13:39:12 +0100 (CET) Subject: SUSE-CU-2025:9010-1: Recommended update of bci/python Message-ID: <20251214123912.A370EFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9010-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.14 , bci/python:3.11.14-78.12 Container Release : 78.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 12:39:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 13:39:44 +0100 (CET) Subject: SUSE-CU-2025:9011-1: Recommended update of bci/python Message-ID: <20251214123944.8E768FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9011-1 Container Tags : bci/python:3 , bci/python:3.13 , bci/python:3.13.9 , bci/python:3.13.9-80.13 , bci/python:latest Container Release : 80.13 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 14:55:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 15:55:20 +0100 (CET) Subject: SUSE-CU-2025:9015-1: Recommended update of bci/php-apache Message-ID: <20251214145520.AF81CFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9015-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-17.7 , bci/php-apache:latest Container Release : 17.7 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 14:55:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 15:55:46 +0100 (CET) Subject: SUSE-CU-2025:9016-1: Recommended update of bci/php-fpm Message-ID: <20251214145546.313DEFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9016-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.3.23 , bci/php-fpm:8.3.23-17.6 , bci/php-fpm:latest Container Release : 17.6 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 14:56:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 15:56:10 +0100 (CET) Subject: SUSE-CU-2025:9017-1: Recommended update of bci/php Message-ID: <20251214145610.7D0D6FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9017-1 Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-17.6 , bci/php:latest Container Release : 17.6 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sun Dec 14 14:56:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Dec 2025 15:56:41 +0100 (CET) Subject: SUSE-CU-2025:9018-1: Recommended update of bci/python Message-ID: <20251214145641.03F52FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9018-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-77.12 Container Release : 77.12 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Mon Dec 15 08:06:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Dec 2025 09:06:25 +0100 (CET) Subject: SUSE-CU-2025:9019-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20251215080625.7D372FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9019-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.221 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.221 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.26.1 updated - libgmodule-2_0-0-2.70.5-150400.3.26.1 updated From sle-container-updates at lists.suse.com Mon Dec 15 08:08:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Dec 2025 09:08:42 +0100 (CET) Subject: SUSE-CU-2025:9020-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20251215080842.30D7AFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9020-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.221 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.221 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.26.1 updated - libgmodule-2_0-0-2.70.5-150400.3.26.1 updated From sle-container-updates at lists.suse.com Mon Dec 15 08:10:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Dec 2025 09:10:40 +0100 (CET) Subject: SUSE-CU-2025:9021-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20251215081040.1CCC8FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9021-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.127 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.127 Severity : moderate Type : security References : 1249055 CVE-2025-7039 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.26.1 updated - libgmodule-2_0-0-2.70.5-150400.3.26.1 updated From sle-container-updates at lists.suse.com Mon Dec 15 08:19:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Dec 2025 09:19:51 +0100 (CET) Subject: SUSE-CU-2025:9023-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251215081951.BF082FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9023-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.56.10 Container Release : 56.10 Severity : moderate Type : security References : 1250655 1250664 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4375-1 Released: Fri Dec 12 10:19:46 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1250655,1250664 This update for suse-module-tools fixes the following issues: - Version update 15.6.13 - Fixing spec file (bsc#1250664). - Fixing compile problems on livepatch dir when checking for unresolved symbols (bsc#1250655). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - python3-base-3.6.15-150300.10.100.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - suse-module-tools-15.6.13-150600.3.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-6f5ed4de8ec380c819f1178ff960ee06168f52b8786a25e2357a15c73bf24169-0 updated From sle-container-updates at lists.suse.com Mon Dec 15 08:20:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Dec 2025 09:20:24 +0100 (CET) Subject: SUSE-CU-2025:9024-1: Recommended update of suse/pcp Message-ID: <20251215082024.B9E29FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9024-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-68.14 , suse/pcp:latest Container Release : 68.14 Severity : moderate Type : recommended References : 1253043 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - container:bci-bci-init-15.7-2efc04a6f47ed2e693b2647e87862e46d6b416664479b2bff3988ed6910425ff-0 updated From sle-container-updates at lists.suse.com Mon Dec 15 08:20:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Dec 2025 09:20:51 +0100 (CET) Subject: SUSE-CU-2025:9025-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251215082051.45765FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9025-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-53.8 , bci/bci-sle15-kernel-module-devel:latest Container Release : 53.8 Severity : moderate Type : security References : 1250655 1250664 1251305 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4374-1 Released: Fri Dec 12 10:19:34 2025 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1250655,1250664 This update for suse-module-tools fixes the following issues: - Version update 15.7.8. - Fixing spec file (bsc#1250664). - Fixing compile problems on livepatch dir when checking for unresolved symbols (bsc#1250655). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - python3-base-3.6.15-150300.10.100.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - suse-module-tools-15.7.8-150700.3.8.3 updated - container:registry.suse.com-bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Tue Dec 16 08:04:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 09:04:57 +0100 (CET) Subject: SUSE-IU-2025:3897-1: Security update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20251216080457.9B5CFFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3897-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.17 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 6.17 Severity : important Type : security References : 1250232 1250233 1250234 CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 107 Released: Mon Dec 15 19:16:15 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,1250233,1250234,CVE-2025-9230,CVE-2025-9231,CVE-2025-9232 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232) - CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM (bsc#1250233) - CVE-2025-9232: Fixed out-of-bounds read in HTTP client no_proxy handling (bsc#1250234) The following package changes have been done: - libopenssl3-3.5.0-160000.4.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-a05da518b140fa3561c7d7a175f6cd96112cd676a00a5b69f5fb795fbac0bacb-0 updated From sle-container-updates at lists.suse.com Tue Dec 16 08:08:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 09:08:17 +0100 (CET) Subject: SUSE-IU-2025:3907-1: Security update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20251216080817.DFB52FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3907-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-6.14 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 6.14 Severity : important Type : security References : 1250232 1250233 1250234 CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 107 Released: Mon Dec 15 19:16:15 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,1250233,1250234,CVE-2025-9230,CVE-2025-9231,CVE-2025-9232 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232) - CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM (bsc#1250233) - CVE-2025-9232: Fixed out-of-bounds read in HTTP client no_proxy handling (bsc#1250234) The following package changes have been done: - libopenssl3-3.5.0-160000.4.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-a05da518b140fa3561c7d7a175f6cd96112cd676a00a5b69f5fb795fbac0bacb-0 updated From sle-container-updates at lists.suse.com Tue Dec 16 08:16:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 09:16:06 +0100 (CET) Subject: SUSE-CU-2025:9044-1: Security update of suse/sles/16.0/toolbox Message-ID: <20251216081606.40817FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/16.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9044-1 Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.6 , suse/sles/16.0/toolbox:latest Container Release : 1.6 Severity : important Type : security References : 1231055 1250232 1250233 1250234 1252425 CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 ----------------------------------------------------------------- The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 77 Released: Thu Nov 27 20:50:12 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: 107 Released: Mon Dec 15 19:16:15 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,1250233,1250234,CVE-2025-9230,CVE-2025-9231,CVE-2025-9232 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232) - CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM (bsc#1250233) - CVE-2025-9232: Fixed out-of-bounds read in HTTP client no_proxy handling (bsc#1250234) The following package changes have been done: - libgpgme11-1.24.3-160000.3.1 updated - libopenssl-3-fips-provider-3.5.0-160000.4.1 updated - libopenssl3-3.5.0-160000.4.1 updated From sle-container-updates at lists.suse.com Tue Dec 16 14:07:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 15:07:26 +0100 (CET) Subject: SUSE-IU-2025:3916-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20251216140726.DE0F7FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3916-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.76 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.76 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 536 Released: Tue Dec 16 09:31:52 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480). - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157). - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158). - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159). - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160). The following package changes have been done: - libpng16-16-1.6.43-2.1 updated - SL-Micro-release-6.0-25.59 updated - container:suse-toolbox-image-1.0.0-9.52 updated From sle-container-updates at lists.suse.com Tue Dec 16 14:14:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 15:14:03 +0100 (CET) Subject: SUSE-IU-2025:3920-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20251216141403.74044FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3920-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.58 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.58 Severity : important Type : security References : 1242631 1254157 1254158 1254159 1254160 1254480 CVE-2025-3416 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 354 Released: Tue Dec 16 09:24:29 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1242631,1254157,1254158,1254159,1254160,1254480,CVE-2025-3416,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480). - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157). - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158). - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159). - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160). The following package changes have been done: - libpng16-16-1.6.43-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.71 updated - container:suse-toolbox-image-1.0.0-4.92 updated From sle-container-updates at lists.suse.com Tue Dec 16 14:21:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 15:21:14 +0100 (CET) Subject: SUSE-IU-2025:3925-1: Security update of suse/sl-micro/6.2/rt-os-container Message-ID: <20251216142114.74E3FFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3925-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-5.17 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 5.17 Severity : important Type : security References : 1225771 1250232 1250233 1250234 CVE-2024-5564 CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 107 Released: Tue May 13 15:32:59 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1225771,1250232,1250233,1250234,CVE-2024-5564,CVE-2025-9230,CVE-2025-9231,CVE-2025-9232 This update for freetype2 fixes the following issues: Update to 2.13.2: * Some fields in the `FT_Outline` structure have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. * Rare double-free crashes in the cache subsystem have been fixed. * Excessive stack allocation in the autohinter has been fixed. * The B/W rasterizer has received a major upkeep that results in large performance improvements. The rendering speed has increased and even doubled for very complex glyphs. The following package changes have been done: - libopenssl3-3.5.0-160000.4.1 updated - container:suse-sl-micro-6.2-baremetal-os-container-latest-8b746735c9cbeb5a681c70b755c48f49cf23d6734d529415de3f1dd74ef94872-0 updated From sle-container-updates at lists.suse.com Tue Dec 16 14:24:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 15:24:47 +0100 (CET) Subject: SUSE-CU-2025:9052-1: Recommended update of bci/bci-busybox Message-ID: <20251216142447.3A656FB9C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9052-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.42.3 Container Release : 42.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4401-1 Released: Mon Dec 15 14:35:37 2025 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: This update for sles-release fixes the following issue: - Add corrected EOL value for the codestream reflecting whats on https://www.suse.com/lifecycle/ - this also fixes issues reported by some parsing tools, related to ISO_8601 data format. The following package changes have been done: - sles-release-15.6-150600.64.12.1 updated From sle-container-updates at lists.suse.com Tue Dec 16 14:30:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 15:30:59 +0100 (CET) Subject: SUSE-CU-2025:9057-1: Recommended update of suse/sle15 Message-ID: <20251216143059.B7285FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9057-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.26.18 , suse/sle15:15.6 , suse/sle15:15.6.47.26.18 Container Release : 47.26.18 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4401-1 Released: Mon Dec 15 14:35:37 2025 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: This update for sles-release fixes the following issue: - Add corrected EOL value for the codestream reflecting whats on https://www.suse.com/lifecycle/ - this also fixes issues reported by some parsing tools, related to ISO_8601 data format. The following package changes have been done: - sles-release-15.6-150600.64.12.1 updated From sle-container-updates at lists.suse.com Tue Dec 16 14:32:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 15:32:18 +0100 (CET) Subject: SUSE-CU-2025:9065-1: Security update of trento/trento-wanda Message-ID: <20251216143218.1D8EBFB9C@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-wanda ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9065-1 Container Tags : trento/trento-wanda:2.0.0 , trento/trento-wanda:2.0.0-build1.32.1 , trento/trento-wanda:latest Container Release : 1.32.1 Severity : important Type : security References : 1224386 1228260 1230262 1232234 1232526 1232526 1233529 1236589 1237442 1238491 1238491 1239566 1239566 1239938 1239938 1240058 1240788 1240788 1241219 1241549 1243397 1243706 1243794 1243933 1243991 1243991 1244050 1244050 1245199 1246197 1246197 1246221 1246697 1246965 1246974 1247144 1247148 1247498 1248501 1249055 1249191 1249191 1249348 1249348 1249367 1249367 1249375 1250232 1250232 1252160 1253043 1253757 CVE-2024-10041 CVE-2024-6874 CVE-2025-0665 CVE-2025-10148 CVE-2025-10148 CVE-2025-11563 CVE-2025-3576 CVE-2025-4947 CVE-2025-5025 CVE-2025-5399 CVE-2025-7039 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container trento/trento-wanda was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3198-1 Released: Fri Sep 12 14:15:08 2025 Summary: Security update for curl Type: security Severity: important References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4401-1 Released: Mon Dec 15 14:35:37 2025 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: This update for sles-release fixes the following issue: - Add corrected EOL value for the codestream reflecting whats on https://www.suse.com/lifecycle/ - this also fixes issues reported by some parsing tools, related to ISO_8601 data format. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - glibc-2.38-150600.14.37.1 updated - libsasl2-3-2.1.28-150600.7.14.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libselinux1-3.5-150600.3.3.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libcurl4-8.14.1-150600.4.31.1 updated - sles-release-15.6-150600.64.12.1 updated - pam-1.3.0-150000.6.86.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-rust-1.88-749d31855c4b00da152bc115914c70591bdd05b5a73483632ba55cd2fc6fafd3-0 added - container:registry.suse.com-bci-bci-base-15.6-c1a353f6c3e55798df99a549151efa9d056a84c2094e75401a647c685ac03ddb-0 updated - container:registry.suse.com-bci-rust-1.81-4f6cd9eb1956663f9042116e2e0069bc01c9402dd29d619afaf07b32de0da207-0 removed From sle-container-updates at lists.suse.com Tue Dec 16 14:32:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Dec 2025 15:32:29 +0100 (CET) Subject: SUSE-CU-2025:9066-1: Security update of trento/trento-web Message-ID: <20251216143229.36EC4FB9C@maintenance.suse.de> SUSE Container Update Advisory: trento/trento-web ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9066-1 Container Tags : trento/trento-web:3.0.0 , trento/trento-web:3.0.0-build4.55.1 , trento/trento-web:latest Container Release : 4.55.1 Severity : important Type : security References : 1224386 1228260 1230262 1232234 1232526 1232526 1233529 1236589 1237442 1238491 1238491 1239566 1239566 1239938 1239938 1240058 1240788 1240788 1241219 1241549 1243397 1243706 1243794 1243933 1243991 1243991 1244050 1244050 1245199 1246197 1246197 1246221 1246697 1246965 1246974 1247144 1247148 1247498 1248501 1249055 1249191 1249191 1249348 1249348 1249367 1249367 1249375 1250232 1250232 1252160 1253043 1253757 CVE-2024-10041 CVE-2024-6874 CVE-2025-0665 CVE-2025-10148 CVE-2025-10148 CVE-2025-11563 CVE-2025-3576 CVE-2025-4947 CVE-2025-5025 CVE-2025-5399 CVE-2025-7039 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086 CVE-2025-9086 CVE-2025-9230 CVE-2025-9230 ----------------------------------------------------------------- The container trento/trento-web was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2720-1 Released: Thu Aug 7 05:38:44 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: This update for crypto-policies fixes the following issues: - Update the BSI policy (jsc#PED-12880) * BSI: switch to 3072 minimum RSA key size * BSI: Update BSI policy for new 2024 minimum ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2780-1 Released: Wed Aug 13 10:28:27 2025 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050 This update for gcc14 fixes the following issues: Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799 - Fixed libqt6webengine build. - Fix build on s390x [bsc#1241549] - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Allow GCC executables to be built PIE. [bsc#1239938] - Backport -msplit-patch-nops required for user-space livepatching on powerpc. - Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Fixes reported ICE in [bsc#1237442] - Add larchintrin.h, lasxintrin.h and lsxintrin.h headers to gccXY main package in %files section - libstdc++6 fix for parsing tzdata 2024b [gcc#116657] - Fix ICE with LTO building openvino on aarch64 [bsc#1230262] - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2841-1 Released: Mon Aug 18 13:01:25 2025 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1246697 This update for openssl-1_1 fixes the following issues: - FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test instead of NID_secp256k1. [bsc#1246697] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2956-1 Released: Fri Aug 22 08:57:48 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: moderate References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increased limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2964-1 Released: Fri Aug 22 14:52:39 2025 Summary: Security update for glibc Type: security Severity: moderate References: 1240058,1246965,CVE-2025-8058 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3198-1 Released: Fri Sep 12 14:15:08 2025 Summary: Security update for curl Type: security Severity: important References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3442-1 Released: Tue Sep 30 16:54:04 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3443-1 Released: Tue Sep 30 16:54:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4401-1 Released: Mon Dec 15 14:35:37 2025 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: This update for sles-release fixes the following issue: - Add corrected EOL value for the codestream reflecting whats on https://www.suse.com/lifecycle/ - this also fixes issues reported by some parsing tools, related to ISO_8601 data format. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.12.1 updated - libssh-config-0.9.8-150600.11.6.1 updated - glibc-2.38-150600.14.37.1 updated - libsasl2-3-2.1.28-150600.7.14.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libbrotlicommon1-1.0.7-150200.3.5.1 updated - libbrotlidec1-1.0.7-150200.3.5.1 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libselinux1-3.5-150600.3.3.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libopenssl3-3.1.4-150600.5.39.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated - krb5-1.20.1-150600.11.14.1 updated - libssh4-0.9.8-150600.11.6.1 updated - libcurl4-8.14.1-150600.4.31.1 updated - sles-release-15.6-150600.64.12.1 updated - pam-1.3.0-150000.6.86.1 updated - libopenssl1_1-1.1.1w-150600.5.18.1 updated - libsystemd0-254.27-150600.4.46.2 updated - container:registry.suse.com-bci-nodejs-22-a6490689e7bf557db05f55f91325d0a387b8482c0efaa63b92b61e4b1a45d3b7-0 added - container:registry.suse.com-bci-bci-base-15.6-c1a353f6c3e55798df99a549151efa9d056a84c2094e75401a647c685ac03ddb-0 updated - container:registry.suse.com-bci-nodejs-20-16f7860907407d232041cc8c1be7a913c828cd1ad4cc823983430b90e35c23bc-0 removed From sle-container-updates at lists.suse.com Wed Dec 17 08:05:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:05:08 +0100 (CET) Subject: SUSE-CU-2025:9067-1: Security update of containers/open-webui Message-ID: <20251217080508.1CE4DFB9C@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9067-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.41 , containers/open-webui:0.6.41-13.9 Container Release : 13.9 Severity : important Type : security References : 1082318 1111657 1121717 1140255 1144506 1146257 1148184 1148184 1171566 1186870 1199282 1199282 1226020 1230028 1237519 1240064 1243381 1243855 1245190 1247207 1250754 1252250 1253043 1253332 1253333 CVE-2019-13132 CVE-2019-6250 CVE-2024-12224 CVE-2024-5171 CVE-2024-58266 CVE-2025-12817 CVE-2025-12818 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:110-1 Released: Thu Jan 17 14:17:05 2019 Summary: Security update for zeromq Type: security Severity: important References: 1121717,CVE-2019-6250 This update for zeromq fixes the following issues: Security issue fixed: - CVE-2019-6250: fix a remote execution vulnerability due to pointer arithmetic overflow (bsc#1121717) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1776-1 Released: Mon Jul 8 18:18:37 2019 Summary: Security update for zeromq Type: security Severity: important References: 1082318,1140255,CVE-2019-13132 This update for zeromq fixes the following issues: - CVE-2019-13132: An unauthenticated remote attacker could have exploited a stack overflow vulnerability on a server that is supposed to be protected by encryption and authentication to potentially gain a remote code execution. (bsc#1140255) - Correctly mark license files as licence instead of documentation (bsc#1082318) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3400-1 Released: Tue Dec 31 08:18:40 2019 Summary: Recommended update for libsodium Type: recommended Severity: moderate References: 1146257 This update for libsodium fixes the following issues: - build libsodium23-32bit, which is required by zeromq's -32bit packages. (bsc#1146257) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1801-1 Released: Tue Jun 30 13:07:01 2020 Summary: Recommended update for zeromq Type: recommended Severity: low References: 1171566 This update of zeromq fixes the following issue. - the libzmq5-32bit package is shipped on x86_64 platforms. (bsc#1171566) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4491-1 Released: Wed Dec 14 13:31:51 2022 Summary: Recommended update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme Type: recommended Severity: important References: 1111657,1144506,1148184,1186870,1199282 This update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme fixes the following issues: libsodium: - Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Enterprise versions of Visual Studio are now supported * Visual Studio 2019 is now supported * 32-bit binaries for Visual Studio 2010 are now provided * Emscripten: print and printErr functions are overridden to send errors to the console, if there is one * Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated * Libsodium version detection has been fixed in the CMake recipe * Generic hashing got a 10% speedup on AVX2. * New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh) * New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random() * crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication * Support for the Ristretto group has been implemented for interoperability with wasm-crypto * Improvements have been made to the test suite * Portability improvements have been made * 'randombytes_salsa20' has been 'renamed to randombytes_internal' * Support for NativeClient has been removed * Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. * The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds * For the full list of changes please consult the packaged ChangeLog - Disable LTO to bypass build failures on Power PC architecture (bsc#1148184) python-cffi: - Version update from 1.11.2 to 1.15.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fixed MANIFEST.in to include missing file for Windows arm64 support * Fixed Linux wheel build to use gcc default ISA for libffi * Updated setup.py Python trove specifiers to currently-tested Python versions * CPython 3.10 support (including wheels) * MacOS arm64 support (including wheels) * Initial Windows arm64 support * Misc. doc and test updates - Fix for using to proper void returning function not to corrupt memory in tests. (bsc#1111657) python-Django: - New package at version 2.0.7 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-hypothesis: - Version update from 3.40.1 to 3.76.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * This release deprecates using floats for min_size and max_size * The type hint for average_size arguments has been changed from Optional[int] to None, because non-None values are always ignored and deprecated. * Fix a broken link in a docstring * Deprecate the use of 'min_size=None', setting the mdefault min_size to 0 * Strategies are now fully constructed and validated before the timer is started * Fix some broken formatting and links in the documentation * Check that the value of the print_blob setting is a PrintSettings instance * Being able to specify a boolean value was not intended, and is now deprecated. In addition, specifying True will now cause the blob to always be printed, instead of causing it to be suppressed. * Specifying any value that is not a PrintSettings or a boolean is now an error * Changes the documentation for hypothesis.strategies.datetimes, hypothesis.strategies.dates, hypothesis.strategies.times to use the new parameter names min_value and max_value instead of the deprecated names * Ensure that Hypothesis deprecation warnings display the code that emitted them when you???re not running in -Werror mode * For the full list of changes please consult the changelog at https://hypothesis.readthedocs.io/en/latest/changes.html#v3-76-0 python-packaging: - Version update from 16.8 to 21.3 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fix testsuite on big-endian targets * Ignore python3.6.2 since the test doesn't support it * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake * Work around dependency generator issues (bsc#1186870) * Remove dependency on attrs (bsc#1144506) * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5. * Replace distutils usage with sysconfig * Add support for zip files in `parse_sdist_filename` * Use cached `_hash` attribute to short-circuit tag equality comparisons * Specify the default value for the `specifier` argument to `SpecifierSet` * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for `Version.post`` and `Version.dev` * Use typing alias `UnparsedVersion`` * Improve type inference for `packaging.specifiers.filter()` * Tighten the return type of `canonicalize_version()` * For the full list of changes please consult the packaged CHANGELOG file python-PyNaCl: - Version update from 1.2.1 to 1.4.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add dependency requirement to python-six, needed by the testsuite * Update `libsodium` to 1.0.18. * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit `manylinux1` wheels. Continuing to produce them was a maintenance burden. * Added support for Python 3.8, and removed support for Python 3.4. * Add low level bindings for extracting the seed and the public key from crypto_sign_ed25519 secret key * Add low level bindings for deterministic random generation. * Add `wheel` and `setuptools` setup_requirements in `setup.py` * Fix checks on very slow builders (#481, #495) * Add low-level bindings to ed25519 arithmetic functions * Update low-level blake2b state implementation * Fix wrong short-input behavior of SealedBox.decrypt() * Raise CryptPrefixError exception instead of InvalidkeyError when trying to check a password against a verifier stored in a unknown format * Add support for minimal builds of libsodium. Trying to call functions not available in a minimal build will raise an UnavailableError exception. To compile a minimal build of the bundled libsodium, set the SODIUM_INSTALL_MINIMAL environment variable to any non-empty string (e.g. `SODIUM_INSTALL_MINIMAL=1`) for setup. python-semver: - New package at version 2.13.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-sphinx_rtd_theme: - Version update from 0.2.4 to 0.5.1 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add github, gitlab, bitbucket page arguments option * Add html language attribute * Add language to the JS output variable * Add open list spacing * Add option to style external links * Add pygments support * Add setuptools entry point allowing to use sphinx_rtd_theme as Sphinx html_theme directly. * Add Sphinx as a dependency * Allow setting 'rel' and 'title' attributes for stylesheets * Changed code and literals to use a native font stack * Color accessibility improvements on the left navigation * Compress our Javascript files * Do not rely on readthedocs.org for CSS/JS * Fix line height adjustments for Liberation Mono * Fix line number spacing to align with the code lines * Fix many sidebar glitches * Fix many styling issues * Fix mkdocs version selector * Fix small styling issues * Fix some HTML warnings and errors * Fix table centering * Hide Edit links on auto created pages * Include missing font files with the theme * Updated dependencies * Write theme version and build date at top of JavaScript and CSS ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2056-1 Released: Tue Jun 18 13:06:40 2024 Summary: Security update for libaom Type: security Severity: important References: 1226020,CVE-2024-5171 This update for libaom fixes the following issues: - CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2586-1 Released: Mon Jul 22 13:44:35 2024 Summary: Recommended update for lv2, serd, sord, sratom Type: recommended Severity: moderate References: This update for lv2, serd, sord, sratom fixes the following issues: lv was updated to 1.18.4: * Fix build issues with newer toolchains. * Fix spelling errors. * atom: Fix spelling errors. * patch: Fix spelling errors. * patch: Fix type and range of patch:value. * patch: Make the type of patch:wildcard more precise. * state: Fix spelling errors. * ui: Deprecate ui:resize. * ui: Fix spelling errors. serd was updated to 0.30.16: * Switch to meson * Add html documentation do devel 0.30.16 changes: * Add SERD_STATIC to pkg-config Cflags for static-only builds * Adopt REUSE machine-readable licensing standard * Allow programs to be used from subproject * Fix spelling mistake in serdi man page 0.30.14 changes: * Fix memory consumption when reading documents * Switch to Meson build system * Update README and project metadata update to 0.30.12: * Fix warnings and build issues with clang 13 and VS 2019 * Fix writing long literals with triple quotes * Improve documentation style * Support combining several BSD-style command line flags in serdi * Write statements with invalid URI characters in lax mode update to 0.30.10: * Add fallback configuration if documentation theme is unavailable * Fix SERD_DISABLE_DEPRECATED * Fix building for older MacOS versions on newer MacOS * Fix documentation installation directory * Deprecate serd_uri_to_path() * Don't install API man pages * Fix potential memory error when serialising URIs * Move headers to an include directory * Refuse to write relative URI references to NTriples * Remove the need for a generated configuration header * Remove use of C character class functions that may use locale * Split up and reorganize unit tests * Use aligned allocation via C11 or Windows API where possible sord was updated to 0.16.14: Update to 0.16.14: * Adopt REUSE machine-readable licensing standard * Allow programs to be used from subproject * Fix accidentally exposed internal zix symbols * Fix various warnings * Switch to meson build system Update to 0.16.10: * Fix Windows build * Fix potential crash or incorrectness issue with GCC 10 again Update to 0.16.8: * Fix potential undefined behavior * Fix potentially incorrect search results * Remove the need for a generated configuration header Update to 0.16.6: * Fix potential crash or incorrectness issues with GCC 10 * Fix various minor warnings and other code quality issues Update to 0.16.2: * Update waf bundle to 2.0.9 * Fix warious compiler warnings and clang-format reports sratom was updated to 0.6.14: Update to 0.6.14 * Fix potential null pointer dereference update to 0.6.6: * Fix various minor warnings and other code quality issues Update to 0.6.2: * Update waf internals to work with python 3.7 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3472-1 Released: Fri Sep 27 14:51:53 2024 Summary: Recommended update for libsodium Type: recommended Severity: important References: 1148184,1199282 This update for libsodium fixes the following issues: libsodium: - Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Emscripten: print and printErr functions are overridden to send errors to the console, if there is one * Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated * Libsodium version detection has been fixed in the CMake recipe * Generic hashing got a 10% speedup on AVX2. * New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh) * New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random() * crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication * Support for the Ristretto group has been implemented for interoperability with wasm-crypto * Improvements have been made to the test suite * Portability improvements have been made * 'randombytes_salsa20' has been 'renamed to randombytes_internal' * Support for NativeClient has been removed * Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. * The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds * For the full list of changes please consult the packaged ChangeLog - Disable LTO to bypass build failures on Power PC architecture (bsc#1148184) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:1080-1 Released: Mon Mar 31 19:40:43 2025 Summary: Optional update for libaom, libyuv Type: optional Severity: low References: 1237519 This update for libaom, libyuv fixes the following issues - Add libaom-devel to SLE Module Desktop Applications(bsc#1237519) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1348-1 Released: Fri Apr 18 10:39:35 2025 Summary: Recommended update for libvpl Type: recommended Severity: moderate References: 1240064 This update for libvpl fixes the following issue: - release into the correct channels. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2586-1 Released: Fri Aug 1 10:49:05 2025 Summary: Security update for rav1e Type: security Severity: moderate References: 1243855,CVE-2024-12224 This update for rav1e fixes the following issues: - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243855) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3077-1 Released: Thu Sep 4 12:54:48 2025 Summary: Security update for rav1e Type: security Severity: moderate References: 1230028,1247207,CVE-2024-58266 This update for rav1e fixes the following issues: - CVE-2024-58266: shlex: Fixed certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247207) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4350-1 Released: Wed Dec 10 14:52:26 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) * imDefLkup: commit first info in XimCommitInfo * ximcp: Unmark to fabricate key events with XKeyEvent serial ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4361-1 Released: Thu Dec 11 07:26:12 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: moderate References: 1243381,1245190,1250754 This update for python-kiwi fixes the following issues: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) * Requires Python 3 Module to be activated. If not already active, please activate it using SUSEConnect. - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Dependencies rebuilt with no source changes: * python-cssselect * python-docopt * python-simplejson * python-xmltodict * pv ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:23 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libSvtAv1Enc1-1.8.0-150600.1.16 added - libX11-data-1.8.7-150600.3.6.1 updated - libaom3-3.7.1-150600.3.5.1 added - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - libopenh264-8-2.6.0-150600.1.2 added - libpgm-5_2-0-5.2.122-150400.15.6 added - libquadmath0-15.2.0+git10201-150000.1.6.1 updated - librav1e0_6-0.6.6-150600.3.6.1 added - libserd-0-0-0.30.16-150600.10.3.1 added - libsodium23-1.0.18-150000.4.8.1 added - libubsan1-15.2.0+git10201-150000.1.6.1 updated - libvmaf1-2.2.0-150400.1.8 added - libvpl2-2.10.1-150600.3.2.1 added - opencv4-cascades-data-4.12.0-150600.1.1 updated - libX11-xcb1-1.8.7-150600.3.6.1 updated - libsoxr0-0.1.3-150600.1.2 added - libgfortran5-15.2.0+git10201-150000.1.6.1 updated - libiec61883-0-1.2.0-1.27 added - libavc1394-0-0.5.4-1.27 added - libsord-0-0-0.16.14-150600.16.3.1 added - python311-azure-search-nspkg-1.0.0-150400.11.5.1 added - libX11-6-1.8.7-150600.3.6.1 updated - libzmq5-4.2.3-3.15.4 added - libsratom-0-0-0.6.14-150600.16.3.1 added - liblilv-0-0-0.24.10-150600.10.2.1 added - libva-x11-2-2.20.0-150600.1.3 added - libavutil59-7.1.1-150600.1.2 added - libswscale8-7.1.1-150600.1.2 added - libswresample5-7.1.1-150600.1.2 added - libpostproc58-7.1.1-150600.1.2 added - libavcodec61-7.1.1-150600.1.2 added - libsrt1_5-1.5.3-150600.1.2 added - libopencv412-4.12.0-150600.1.1 added - libopencv_objdetect412-4.12.0-150600.1.1 added - libopencv_imgcodecs412-4.12.0-150600.1.1 added - libavformat61-7.1.1-150600.1.2 added - libopencv_face412-4.12.0-150600.1.1 added - libopencv_aruco412-4.12.0-150600.1.1 added - libopencv_ximgproc412-4.12.0-150600.1.1 added - libpq5-18.1-150600.13.3.1 updated - libavfilter10-7.1.1-150600.1.2 added - libopencv_optflow412-4.12.0-150600.1.1 added - python311-safetensors-0.4.3-150600.1.27 updated - python311-rpds-py-0.7.1-150600.1.27 updated - python311-pypdf-6.4.0-150600.1.1 updated - python311-pypandoc-1.16.2-150600.1.1 updated - python311-propcache-0.2.0-150600.1.12 updated - python311-peewee-3.18.3-150600.1.1 updated - python311-orjson-3.10.7-150600.1.31 updated - python311-jiter-0.5.0-150600.1.26 updated - python311-hf_xet-1.2.0-150600.1.2 updated - python311-cssselect-1.2.0-150400.12.6.2 updated - python311-chardet-5.2.0-150600.1.1 updated - python311-certifi-2024.7.4-150600.1.61 updated - python311-cchardet-2.1.19-150600.1.59 updated - python311-bcrypt-5.0.0-150600.1.2 updated - python311-psycopg2-2.9.9-150600.1.26 updated - libavdevice61-7.1.1-150600.1.2 added - libopencv_gapi412-4.12.0-150600.1.1 added - python311-typing-inspection-0.4.2-150600.1.1 updated - python311-pydantic-core-2.41.5-150600.1.1 updated - python311-asgiref-3.11.0-150600.1.1 updated - python311-deprecation-2.1.0-150600.1.1 added - python311-yarl-1.18.3-150600.1.12 updated - python311-googleapis-common-protos-1.72.0-150600.1.1 updated - python311-peewee-migrate-1.14.3-150600.1.1 updated - python311-pymdown-extensions-10.17.2-150600.1.1 updated - ffmpeg-7-7.1.1-150600.1.2 added - python311-playwright-1.56.0-150600.1.1 updated - python311-pydantic-2.12.5-150600.1.1 updated - python311-pandas-2.2.3-150600.1.81 updated - python311-pycrdt-0.12.26-150600.1.6 updated - python311-python-jose-3.5.0-150600.1.1 updated - python311-ddgs-9.9.2-150600.1.1 updated - python311-alembic-1.17.2-150600.1.1 updated - python311-pydub-0.25.1-150600.1.25 updated - libopencv_videoio412-4.12.0-150600.1.1 added - python311-scikit-learn-1.5.1-150600.1.72 updated - python311-msoffcrypto-tool-5.4.2-150600.1.1 added - python311-fastapi-0.123.5-150600.1.1 updated - python311-black-25.11.0-150600.1.1 updated - python311-mcp-1.23.1-150600.1.1 updated - libopencv_highgui412-4.12.0-150600.1.1 added - python311-tiktoken-0.7.0-150600.1.28 updated - python311-firecrawl-py-4.10.1-150600.1.1 updated - python311-botocore-1.41.3-150600.1.1 updated - python311-opencv-4.12.0-150600.1.1 updated - python311-python-socketio-5.15.0-150600.1.1 updated - python311-google-genai-1.53.0-150600.1.1 updated - python311-s3transfer-0.15.0-150600.1.1 updated - python311-azure-search-documents-11.6.0-150600.1.1 added - python311-weaviate-client-4.18.3-150600.1.1 added - python311-huggingface-hub-0.34.0-150600.1.1 updated - python311-boto3-1.41.5-150600.1.1 updated - python311-pymilvus-2.6.4-150600.1.1 updated - python311-tokenizers-0.22.0-150600.1.2 updated - python311-chromadb-1.3.3-150600.2.2 updated - python311-transformers-4.57.3-150600.1.1 updated - python311-unstructured-0.18.21-150600.1.1 updated - python311-open-webui-0.6.41-150600.1.1 updated - container:registry.suse.com-bci-bci-base-15.6-3d195d20c50b2c9d3676eeb18c9cd2a1f2407fab9978aad54dd2661ce6944615-0 updated - container:registry.suse.com-bci-bci-micro-15.6-af648da49d79a2a2af3615f7bfb04b57872aea1c7549c1bbb1add7faba55babd-0 updated - ffmpeg-4-4.4.6-150600.13.33.1 removed - libgeos3_12_2-3.12.2-150600.1.14 removed - libgeos_c1-3.12.2-150600.1.14 removed - libopencv411-4.11.0-150600.1.12 removed - libopencv_aruco411-4.11.0-150600.1.12 removed - libopencv_face411-4.11.0-150600.1.12 removed - libopencv_gapi411-4.11.0-150600.1.12 removed - libopencv_highgui411-4.11.0-150600.1.12 removed - libopencv_imgcodecs411-4.11.0-150600.1.12 removed - libopencv_objdetect411-4.11.0-150600.1.12 removed - libopencv_optflow411-4.11.0-150600.1.12 removed - libopencv_videoio411-4.11.0-150600.1.12 removed - libopencv_ximgproc411-4.11.0-150600.1.12 removed - python311-Shapely-2.0.6-150600.1.20 removed - python311-brotlicffi-1.0.9.2-150600.1.3 removed - python311-h2-4.2.0-150600.1.5 removed - python311-hpack-4.0.0-150400.8.3.9 removed - python311-hyperframe-6.0.1-150400.8.3.9 removed - python311-langfuse-2.44.0-150600.1.14 removed - python311-passlib-1.7.4-150600.10.4 removed - python311-pyclipper-1.3.0.post5-150600.1.15 removed - python311-socksio-1.0.0-150600.1.1 removed - python311-tencentcloud-sdk-python-3.0.1375-150600.1.2 removed From sle-container-updates at lists.suse.com Wed Dec 17 08:09:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:09:15 +0100 (CET) Subject: SUSE-IU-2025:3927-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251217080916.015D7FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3927-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.111 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.111 Severity : important Type : recommended References : 1224386 1244449 1245551 1248356 1248501 1254563 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 537 Released: Tue Dec 16 16:38:50 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1224386,1244449,1245551,1248356,1248501,1254563 This update for systemd fixes the following issues: - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user at .service - detect-virt: add bare-metal support for GCE (bsc#1244449) - Sync systemd-update-helper with the version shipped in Base:System - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of 'break' in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: * Since user at .service has `Type=notify-reload` and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service' now. - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-2.1 updated - libsystemd0-254.27-2.1 updated - SL-Micro-release-6.0-25.60 updated - systemd-254.27-2.1 updated - udev-254.27-2.1 updated - container:SL-Micro-base-container-2.1.3-7.77 updated From sle-container-updates at lists.suse.com Wed Dec 17 08:10:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:10:19 +0100 (CET) Subject: SUSE-IU-2025:3928-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20251217081019.C1CB9FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3928-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.77 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.77 Severity : important Type : recommended References : 1224386 1244449 1245551 1248356 1248501 1254563 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 537 Released: Tue Dec 16 16:38:50 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1224386,1244449,1245551,1248356,1248501,1254563 This update for systemd fixes the following issues: - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user at .service - detect-virt: add bare-metal support for GCE (bsc#1244449) - Sync systemd-update-helper with the version shipped in Base:System - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of 'break' in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: * Since user at .service has `Type=notify-reload` and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service' now. - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-2.1 updated - libsystemd0-254.27-2.1 updated - SL-Micro-release-6.0-25.60 updated - systemd-254.27-2.1 updated - udev-254.27-2.1 updated - container:suse-toolbox-image-1.0.0-9.53 updated From sle-container-updates at lists.suse.com Wed Dec 17 08:11:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:11:28 +0100 (CET) Subject: SUSE-IU-2025:3929-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20251217081128.16ACCFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3929-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.98 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.98 Severity : important Type : recommended References : 1224386 1244449 1245551 1248356 1248501 1254563 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 537 Released: Tue Dec 16 16:38:50 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1224386,1244449,1245551,1248356,1248501,1254563 This update for systemd fixes the following issues: - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user at .service - detect-virt: add bare-metal support for GCE (bsc#1244449) - Sync systemd-update-helper with the version shipped in Base:System - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of 'break' in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: * Since user at .service has `Type=notify-reload` and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service' now. - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-2.1 updated - libsystemd0-254.27-2.1 updated - SL-Micro-release-6.0-25.60 updated - systemd-254.27-2.1 updated - udev-254.27-2.1 updated - container:SL-Micro-base-container-2.1.3-7.77 updated From sle-container-updates at lists.suse.com Wed Dec 17 08:12:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:12:40 +0100 (CET) Subject: SUSE-IU-2025:3930-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20251217081240.4EE8FFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3930-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.113 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.113 Severity : important Type : recommended References : 1224386 1244449 1245551 1248356 1248501 1254563 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 537 Released: Tue Dec 16 16:38:50 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1224386,1244449,1245551,1248356,1248501,1254563 This update for systemd fixes the following issues: - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user at .service - detect-virt: add bare-metal support for GCE (bsc#1244449) - Sync systemd-update-helper with the version shipped in Base:System - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of 'break' in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: * Since user at .service has `Type=notify-reload` and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service' now. - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-2.1 updated - libsystemd0-254.27-2.1 updated - SL-Micro-release-6.0-25.60 updated - systemd-254.27-2.1 updated - udev-254.27-2.1 updated - container:SL-Micro-container-2.1.3-6.111 updated From sle-container-updates at lists.suse.com Wed Dec 17 08:15:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:15:01 +0100 (CET) Subject: SUSE-CU-2025:9080-1: Recommended update of suse/sl-micro/6.0/toolbox Message-ID: <20251217081501.3AC14FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9080-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.53 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.53 Severity : important Type : recommended References : 1224386 1244449 1245551 1248356 1248501 1254563 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 537 Released: Tue Dec 16 16:38:50 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1224386,1244449,1245551,1248356,1248501,1254563 This update for systemd fixes the following issues: - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user at .service - detect-virt: add bare-metal support for GCE (bsc#1244449) - Sync systemd-update-helper with the version shipped in Base:System - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of 'break' in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: * Since user at .service has `Type=notify-reload` and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service' now. - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - SL-Micro-release-6.0-25.60 updated - libsystemd0-254.27-2.1 updated - libudev1-254.27-2.1 updated - skelcd-EULA-SL-Micro-2024.01.19-8.59 updated - systemd-254.27-2.1 updated From sle-container-updates at lists.suse.com Wed Dec 17 08:15:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:15:13 +0100 (CET) Subject: SUSE-IU-2025:3932-1: Security update of suse/sl-micro/6.2/baremetal-os-container Message-ID: <20251217081513.9DF36FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3932-1 Image Tags : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.20 , suse/sl-micro/6.2/baremetal-os-container:latest Image Release : 6.20 Severity : critical Type : security References : 1027519 1214718 1218851 1219080 1219885 1221332 1221334 1221984 1222302 1222453 1225953 1227355 1228574 1228575 1233593 1233594 CVE-2023-28746 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-11595 CVE-2024-11596 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 ----------------------------------------------------------------- The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 108 Released: Mon Feb 3 10:11:08 2025 Summary: Security update for xen Type: security Severity: critical References: 1027519,1214718,1218851,1219080,1219885,1221332,1221334,1221984,1222302,1222453,1225953,1227355,1228574,1228575,CVE-2023-28746,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146 This update for xen fixes the following issues: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) * No upstream changelog found in sources or webpage - bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86 IOMMU identity mapping (XSA-460) - bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through with shared resources (XSA-461) - bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86 guest IRQ handling (XSA-458) - bsc#1214718 - The system hangs intermittently when Power Control Mode is set to Minimum Power on SLES15SP5 Xen - Upstream bug fixes (bsc#1027519) - bsc#1225953 - Package xen does not build with gcc14 because of new errors - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - Upstream bug fixes (bsc#1027519) - Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) - Upstream bug fixes (bsc#1027519) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) ----------------------------------------------------------------- Advisory ID: 109 Released: Mon Feb 3 10:11:27 2025 Summary: Security update for wireshark Type: security Severity: important References: 1233593,1233594,CVE-2024-11595,CVE-2024-11596 This update for wireshark fixes the following issues: Wireshark 4.2.9: * CVE-2024-11595: FiveCo RAP dissector infinite loop (bsc#1233594). * CVE-2024-11596: ECMP dissector crash (bsc#1233593). The following package changes have been done: - libfreetype6-2.13.3-160000.3.1 updated - libldap-data-2.6.10+10-160000.3.1 updated - libldap-2-2.6.10+10-160000.3.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-35e6f9297d3fe36d402319e557c36610be85b6863f587e592155d3a6740f8c35-0 updated From sle-container-updates at lists.suse.com Wed Dec 17 08:18:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:18:36 +0100 (CET) Subject: SUSE-IU-2025:3939-1: Security update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20251217081836.334FFFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3939-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-6.16 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 6.16 Severity : critical Type : security References : 1027519 1214718 1218851 1219080 1219885 1221332 1221334 1221984 1222302 1222453 1225953 1227355 1228574 1228575 CVE-2023-28746 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 108 Released: Mon Feb 3 10:11:08 2025 Summary: Security update for xen Type: security Severity: critical References: 1027519,1214718,1218851,1219080,1219885,1221332,1221334,1221984,1222302,1222453,1225953,1227355,1228574,1228575,CVE-2023-28746,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146 This update for xen fixes the following issues: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) * No upstream changelog found in sources or webpage - bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86 IOMMU identity mapping (XSA-460) - bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through with shared resources (XSA-461) - bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86 guest IRQ handling (XSA-458) - bsc#1214718 - The system hangs intermittently when Power Control Mode is set to Minimum Power on SLES15SP5 Xen - Upstream bug fixes (bsc#1027519) - bsc#1225953 - Package xen does not build with gcc14 because of new errors - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - Upstream bug fixes (bsc#1027519) - Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) - Upstream bug fixes (bsc#1027519) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) The following package changes have been done: - libldap-data-2.6.10+10-160000.3.1 updated - libldap-2-2.6.10+10-160000.3.1 updated - container:suse-sl-micro-6.2-base-os-container-latest-35e6f9297d3fe36d402319e557c36610be85b6863f587e592155d3a6740f8c35-0 updated From sle-container-updates at lists.suse.com Wed Dec 17 08:19:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:19:01 +0100 (CET) Subject: SUSE-IU-2025:3944-1: Security update of suse/sl-micro/6.2/rt-os-container Message-ID: <20251217081901.11804FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3944-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-5.20 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 5.20 Severity : critical Type : security References : 1027519 1214718 1218851 1219080 1219885 1221332 1221334 1221984 1222302 1222453 1225953 1227355 1228574 1228575 CVE-2023-28746 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 108 Released: Mon Feb 3 10:11:08 2025 Summary: Security update for xen Type: security Severity: critical References: 1027519,1214718,1218851,1219080,1219885,1221332,1221334,1221984,1222302,1222453,1225953,1227355,1228574,1228575,CVE-2023-28746,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146 This update for xen fixes the following issues: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) * No upstream changelog found in sources or webpage - bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86 IOMMU identity mapping (XSA-460) - bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through with shared resources (XSA-461) - bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86 guest IRQ handling (XSA-458) - bsc#1214718 - The system hangs intermittently when Power Control Mode is set to Minimum Power on SLES15SP5 Xen - Upstream bug fixes (bsc#1027519) - bsc#1225953 - Package xen does not build with gcc14 because of new errors - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - Upstream bug fixes (bsc#1027519) - Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) - Upstream bug fixes (bsc#1027519) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) The following package changes have been done: - libldap-data-2.6.10+10-160000.3.1 updated - libldap-2-2.6.10+10-160000.3.1 updated - container:suse-sl-micro-6.2-baremetal-os-container-latest-20a21b88aaaf66cc87f89d999a3b632cedc57e0181aaf3b8d73c14802b1cb853-0 updated From sle-container-updates at lists.suse.com Wed Dec 17 08:34:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Dec 2025 09:34:06 +0100 (CET) Subject: SUSE-CU-2025:9109-1: Security update of suse/sles/16.0/toolbox Message-ID: <20251217083406.E98BBFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/16.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9109-1 Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.7 , suse/sles/16.0/toolbox:latest Container Release : 1.7 Severity : critical Type : security References : 1027519 1214718 1218851 1219080 1219885 1221332 1221334 1221984 1222302 1222453 1225953 1227355 1228574 1228575 CVE-2023-28746 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142 CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 ----------------------------------------------------------------- The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 108 Released: Mon Feb 3 10:11:08 2025 Summary: Security update for xen Type: security Severity: critical References: 1027519,1214718,1218851,1219080,1219885,1221332,1221334,1221984,1222302,1222453,1225953,1227355,1228574,1228575,CVE-2023-28746,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146 This update for xen fixes the following issues: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) * No upstream changelog found in sources or webpage - bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86 IOMMU identity mapping (XSA-460) - bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through with shared resources (XSA-461) - bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86 guest IRQ handling (XSA-458) - bsc#1214718 - The system hangs intermittently when Power Control Mode is set to Minimum Power on SLES15SP5 Xen - Upstream bug fixes (bsc#1027519) - bsc#1225953 - Package xen does not build with gcc14 because of new errors - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - Upstream bug fixes (bsc#1027519) - Update to Xen 4.18.2 security bug fix release (bsc#1027519) xen-4.18.2-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may trigger Xen bug check (XSA-454) - bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic for BTC/SRSO mitigations (XSA-455) - bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch History Injection (XSA-456) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - Update to Xen 4.18.1 bug fix release (bsc#1027519) xen-4.18.1-testing-src.tar.bz2 * No upstream changelog found in sources or webpage - bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data Sampling (XSA-452) - bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative Race Conditions (XSA-453) - bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs exceptions from emulation stubs (XSA-451) - Upstream bug fixes (bsc#1027519) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to quarantine devices in !HVM builds (XSA-450) - bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions assigned to incorrect contexts (XSA-449) The following package changes have been done: - libldap-2-2.6.10+10-160000.3.1 updated - libldap-data-2.6.10+10-160000.3.1 updated From sle-container-updates at lists.suse.com Thu Dec 18 08:05:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Dec 2025 09:05:08 +0100 (CET) Subject: SUSE-IU-2025:3951-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251218080508.85689FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3951-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.229 , suse/sle-micro/base-5.5:latest Image Release : 5.8.229 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4436-1 Released: Wed Dec 17 14:55:46 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.34-150000.3.12.1 updated From sle-container-updates at lists.suse.com Thu Dec 18 08:21:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Dec 2025 09:21:56 +0100 (CET) Subject: SUSE-CU-2025:9127-1: Security update of suse/helm Message-ID: <20251218082156.B7F0BFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9127-1 Container Tags : suse/helm:3 , suse/helm:3.19 , suse/helm:3.19.1 , suse/helm:3.19.1-61.6 , suse/helm:latest Container Release : 61.6 Severity : important Type : security References : ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4437-1 Released: Wed Dec 17 15:44:48 2025 Summary: Security update for helm Type: security Severity: important References: This update for helm rebuilds it against current GO to fix security issues in go-stdlib. The following package changes have been done: - helm-3.19.1-150000.1.59.1 updated - container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Thu Dec 18 08:22:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Dec 2025 09:22:24 +0100 (CET) Subject: SUSE-CU-2025:9128-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251218082224.C6465FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9128-1 Container Tags : suse/kiosk/firefox-esr:140.6 , suse/kiosk/firefox-esr:140.6-69.22 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.22 Severity : important Type : security References : 1244057 1254353 1254551 CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324 CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330 CVE-2025-14331 CVE-2025-14333 CVE-2025-58436 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4424-1 Released: Wed Dec 17 12:09:10 2025 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1254551,CVE-2025-14321,CVE-2025-14322,CVE-2025-14323,CVE-2025-14324,CVE-2025-14325,CVE-2025-14328,CVE-2025-14329,CVE-2025-14330,CVE-2025-14331,CVE-2025-14333 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.6.0 ESR (bsc#1254551). - MFSA 2025-94 * CVE-2025-14321: use-after-free in the WebRTC: Signaling component. * CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. * CVE-2025-14323: privilege escalation in the DOM: Notifications component. * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14328: privilege escalation in the Netmonitor component. * CVE-2025-14329: privilege escalation in the Netmonitor component. * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14331: same-origin policy bypass in the Request Handling component. * CVE-2025-14333: memory safety bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4425-1 Released: Wed Dec 17 12:20:02 2025 Summary: Security update for cups Type: security Severity: moderate References: 1244057,1254353,CVE-2025-58436 This update for cups fixes the following issues: Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients (bsc#1244057). Other issues fixed: - Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353). The following package changes have been done: - cups-config-2.2.7-150000.3.83.1 updated - libcups2-2.2.7-150000.3.83.1 updated - MozillaFirefox-140.6.0-150200.152.213.1 updated - container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Thu Dec 18 08:25:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Dec 2025 09:25:53 +0100 (CET) Subject: SUSE-CU-2025:9139-1: Security update of suse/mariadb-client Message-ID: <20251218082553.39E14FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9139-1 Container Tags : suse/mariadb-client:11.8 , suse/mariadb-client:11.8.5 , suse/mariadb-client:11.8.5-66.2 , suse/mariadb-client:latest Container Release : 66.2 Severity : important Type : security References : 1252162 1254313 CVE-2025-13699 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4438-1 Released: Wed Dec 17 16:43:42 2025 Summary: Security update for mariadb Type: security Severity: important References: 1252162,1254313,CVE-2025-13699 This update for mariadb fixes the following issues: - CVE-2025-13699: Fixed MariaDB mariadb-dump utility vulnerable to Path Traversal and Remote Code Execution (bsc#1254313) Other fixes: - Updated to 11.8.5 - Added %license tags to license files (bsc#1252162) - Added INSTALL_DOCREADMEDIR cmake flag to install readme and license files The following package changes have been done: - mariadb-errormessages-11.8.5-150700.3.9.1 updated - mariadb-client-11.8.5-150700.3.9.1 updated - libaio1-0.3.113-150600.15.3.1 removed From sle-container-updates at lists.suse.com Thu Dec 18 08:26:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Dec 2025 09:26:07 +0100 (CET) Subject: SUSE-CU-2025:9141-1: Security update of suse/mariadb Message-ID: <20251218082607.BC446FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9141-1 Container Tags : suse/mariadb:11.8 , suse/mariadb:11.8.5 , suse/mariadb:11.8.5-68.2 , suse/mariadb:latest Container Release : 68.2 Severity : important Type : security References : 1252162 1254313 CVE-2025-13699 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4438-1 Released: Wed Dec 17 16:43:42 2025 Summary: Security update for mariadb Type: security Severity: important References: 1252162,1254313,CVE-2025-13699 This update for mariadb fixes the following issues: - CVE-2025-13699: Fixed MariaDB mariadb-dump utility vulnerable to Path Traversal and Remote Code Execution (bsc#1254313) Other fixes: - Updated to 11.8.5 - Added %license tags to license files (bsc#1252162) - Added INSTALL_DOCREADMEDIR cmake flag to install readme and license files The following package changes have been done: - mariadb-errormessages-11.8.5-150700.3.9.1 updated - mariadb-tools-11.8.5-150700.3.9.1 updated - mariadb-client-11.8.5-150700.3.9.1 updated - mariadb-11.8.5-150700.3.9.1 updated From sle-container-updates at lists.suse.com Thu Dec 18 08:27:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Dec 2025 09:27:17 +0100 (CET) Subject: SUSE-CU-2025:9144-1: Security update of suse/samba-server Message-ID: <20251218082717.02F9EFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9144-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-70.2 , suse/samba-server:latest Container Release : 70.2 Severity : moderate Type : security References : 1244057 1254353 CVE-2025-58436 ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4425-1 Released: Wed Dec 17 12:20:02 2025 Summary: Security update for cups Type: security Severity: moderate References: 1244057,1254353,CVE-2025-58436 This update for cups fixes the following issues: Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients (bsc#1244057). Other issues fixed: - Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353). The following package changes have been done: - cups-config-2.2.7-150000.3.83.1 updated - libcups2-2.2.7-150000.3.83.1 updated From sle-container-updates at lists.suse.com Thu Dec 18 08:28:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Dec 2025 09:28:56 +0100 (CET) Subject: SUSE-CU-2025:9148-1: Security update of suse/kiosk/xorg Message-ID: <20251218082856.AA87EFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9148-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-72.2 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 72.2 Severity : moderate Type : security References : 1105832 CVE-2018-15853 CVE-2018-15859 CVE-2018-15861 CVE-2018-15863 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4426-1 Released: Wed Dec 17 12:22:40 2025 Summary: Security update for xkbcomp Type: security Severity: moderate References: 1105832,CVE-2018-15853,CVE-2018-15859,CVE-2018-15861,CVE-2018-15863 This update for xkbcomp fixes the following issues: - CVE-2018-15863: NULL pointer dereference triggered by a a crafted keymap file with a no-op modmask expression can lead to a crash (bsc#1105832). - CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an `xkb_intern_atom` failure can lead to a crash (bsc#1105832). - CVE-2018-15859: NULL pointer dereference triggered by a specially a crafted keymap file can lead to a crash (bsc#1105832). - CVE-2018-15853: endless recursion triggered by a crafted keymap file that induces boolean negation can lead to a crash (bsc#1105832). The following package changes have been done: - xkbcomp-1.4.1-150000.3.6.1 updated - container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Thu Dec 18 08:35:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Dec 2025 09:35:38 +0100 (CET) Subject: SUSE-CU-2025:9150-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20251218083538.82A36FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9150-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.214 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.214 Severity : important Type : security References : 1254297 1254662 1254878 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4442-1 Released: Wed Dec 17 17:17:38 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.36.1 updated - libgmodule-2_0-0-2.62.6-150200.3.36.1 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:07:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:07:56 +0100 (CET) Subject: SUSE-IU-2025:3963-1: Security update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20251219080756.356E2FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3963-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-6.17 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 6.17 Severity : important Type : security References : 1230042 1250984 1253002 1254286 1254494 CVE-2025-11234 CVE-2025-12464 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 112 Released: Thu Dec 18 13:42:03 2025 Summary: Security update for qemu Type: security Severity: important References: 1230042,1250984,1253002,1254286,1254494,CVE-2025-11234,CVE-2025-12464 This update for qemu fixes the following issues: Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). - CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984). Other updates and bugfixes: - Version 10.0.7: * kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value * docs/devel: Update URL for make-pullreq script * target/arm: Fix assert on BRA. * hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN * hw/core/machine: Provide a description for aux-ram-share property * hw/pci: Make msix_init take a uint32_t for nentries * block/io_uring: avoid potentially getting stuck after resubmit at the end of ioq_submit() * block-backend: Fix race when resuming queued requests * ui/vnc: Fix qemu abort when query vnc info * chardev/char-pty: Do not ignore chr_write() failures * hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section() * hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs * hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure * migration: Fix transition to COLO state from precopy * Full backport list: https://lore.kernel.org/qemu-devel/1765037524.347582.2700543.nullmailer at tls.msk.ru/ - Version 10.0.6: * linux-user/microblaze: Fix little-endianness binary * target/hppa: correct size bit parity for fmpyadd * target/i386: user: do not set up a valid LDT on reset * async: access bottom half flags with qatomic_read * target/i386: fix x86_64 pushw op * i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit * i386/cpu: Prevent delivering SIPI during SMM in TCG mode * i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS * target/i386: Fix CR2 handling for non-canonical addresses * block/curl.c: Use explicit long constants in curl_easy_setopt calls * pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs * target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN2 and SEWd * target/riscv: Fix ssamoswap error handling * Full backport list: https://lore.kernel.org/qemu-devel/1761022287.744330.6357.nullmailer at tls.msk.ru/ - Version 10.0.5: * tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image * tests/functional/test_ppc_bamboo: Replace broken link with working assets * physmem: Destroy all CPU AddressSpaces on unrealize * memory: New AS helper to serialize destroy+free * include/system/memory.h: Clarify address_space_destroy() behaviour * migration: Fix state transition in postcopy_start() error handling * target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions * target/riscv: rvv: Replace checking V by checking Zve32x * target/riscv: Fix endianness swap on compressed instructions * hw/riscv/riscv-iommu: Fixup PDT Nested Walk * Full backport list: https://lore.kernel.org/qemu-devel/1759986125.676506.643525.nullmailer at tls.msk.ru/ - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286). - [openSUSE][RPM] spec: make glusterfs support conditional (bsc#1254494). The following package changes have been done: - qemu-guest-agent-10.0.7-160000.1.1 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:21:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:21:13 +0100 (CET) Subject: SUSE-CU-2025:9165-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20251219082113.52C5FFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9165-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.2 , suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.1 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.73.1 Severity : moderate Type : security References : 1237060 1241455 1250911 1251864 1253024 CVE-2025-11065 CVE-2025-47911 CVE-2025-58190 CVE-2025-62348 CVE-2025-62349 CVE-2025-64751 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4479-1 Released: Thu Dec 18 13:15:01 2025 Summary: Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes Type: security Severity: moderate References: 1237060,1241455,1250911,1251864,1253024,CVE-2025-11065,CVE-2025-47911,CVE-2025-58190,CVE-2025-62348,CVE-2025-62349,CVE-2025-64751 Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes: This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.16.2-150400.3.104.2 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:26:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:26:58 +0100 (CET) Subject: SUSE-CU-2025:9175-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20251219082658.50A52FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9175-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.6 , suse/manager/5.0/x86_64/proxy-httpd:5.0.6.7.29.2 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 7.29.2 Severity : important Type : security References : 1211373 1213308 1217755 1222128 1224386 1225740 1227577 1227579 1229825 1229977 1230876 1233496 1235567 1235847 1237536 1238481 1239158 1239636 1240225 1240565 1241013 1241307 1243087 1243183 1243679 1243768 1243808 1243876 1243994 1244027 1244065 1244125 1244219 1244290 1244298 1244329 1244338 1244400 1244427 1244430 1244519 1244542 1244552 1244641 1244648 1244724 1244822 1245027 1245240 1245241 1245307 1245398 1245405 1245528 1245987 1246035 1246421 1246422 1246436 1246452 1246586 1246638 1246659 1246663 1246883 1246957 1246981 1247084 1247111 1247214 1247269 1247305 1247322 1247407 1247481 1247544 1247822 1247951 1247983 1247990 1248247 1248292 1248403 1248409 1248411 1248448 1248467 1248501 1248661 1248741 1248799 1248804 1249055 1249089 1249148 1249359 1249384 1249502 1250239 1250318 1250342 1250423 1250427 1250451 1251117 1251305 1251796 1251864 1252023 1252160 1252680 1252723 1252974 1253741 CVE-2025-6075 CVE-2025-7039 CVE-2025-8291 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4359-1 Released: Thu Dec 11 04:06:53 2025 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1249359 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2025-4456 Released: Thu Dec 18 12:55:55 2025 Summary: Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1211373,1213308,1217755,1222128,1225740,1227577,1227579,1229825,1229977,1230876,1233496,1235567,1235847,1237536,1238481,1239158,1239636,1240225,1240565,1241013,1241307,1243087,1243183,1243679,1243768,1243808,1243876,1243994,1244027,1244065,1244125,1244219,1244290,1244298,1244329,1244338,1244400,1244427,1244430,1244519,1244542,1244552,1244641,1244648,1244724,1244822,1245027,1245240,1245241,1245307,1245398,1245405,1245528,1245987,1246035,1246421,1246422,1246436,1246452,1246586,1246638,1246659,1246663,1246883,1246957,1246981,1247084,1247111,1247214,1247269,1247305,1247322,1247407,1247481,1247544,1247822,1247951,1247983,1247990,1248247,1248292,1248403,1248409,1248411,1248448,1248467,1248661,1248741,1248799,1248804,1249089,1249148,1249384,1249502,1250239,1250318,1250342,1250423,1250427,1250451,1251117,1251796,1251864,1252023,1252680,1252723 Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libkmod2-29-150600.13.3.1 updated - release-notes-susemanager-proxy-5.0.6-150600.11.34.1 updated - selinux-tools-3.5-150600.3.3.1 updated - libsystemd0-254.27-150600.4.46.2 updated - python3-base-3.6.15-150300.10.100.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - uyuni-base-common-5.0.3-150600.2.3.1 updated - apache2-prefork-2.4.58-150600.5.38.1 updated - python3-3.6.15-150300.10.100.1 updated - systemd-254.27-150600.4.46.2 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - apache2-2.4.58-150600.5.38.1 updated - spacewalk-proxy-html-5.0.2-150600.3.3.1 updated - python3-rhnlib-5.0.6-150600.4.9.1 updated - spacewalk-backend-5.0.16-150600.4.23.7 updated - python3-spacewalk-client-tools-5.0.11-150600.4.15.5 updated - spacewalk-client-tools-5.0.11-150600.4.15.5 updated - mgr-push-5.0.3-150600.2.3.1 updated - python3-mgr-push-5.0.3-150600.2.3.1 updated - spacewalk-proxy-package-manager-5.0.7-150600.3.12.1 updated - spacewalk-proxy-common-5.0.7-150600.3.12.1 updated - spacewalk-proxy-broker-5.0.7-150600.3.12.1 updated - spacewalk-proxy-redirect-5.0.7-150600.3.12.1 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:27:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:27:06 +0100 (CET) Subject: SUSE-CU-2025:9176-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20251219082706.E57B6FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9176-1 Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.6 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.6.7.31.2 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 7.31.2 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:27:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:27:22 +0100 (CET) Subject: SUSE-CU-2025:9178-1: Security update of suse/manager/5.0/x86_64/proxy-ssh Message-ID: <20251219082722.65AACFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9178-1 Container Tags : suse/manager/5.0/x86_64/proxy-ssh:5.0.6 , suse/manager/5.0/x86_64/proxy-ssh:5.0.6.7.29.1 , suse/manager/5.0/x86_64/proxy-ssh:latest Container Release : 7.29.1 Severity : moderate Type : security References : 1224386 1248501 1251198 1251199 1251305 1252974 CVE-2025-6075 CVE-2025-61984 CVE-2025-61985 CVE-2025-8291 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4067-1 Released: Wed Nov 12 09:03:26 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - openssh-common-9.6p1-150600.6.34.1 updated - libsystemd0-254.27-150600.4.46.2 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated - openssh-fips-9.6p1-150600.6.34.1 updated - openssh-clients-9.6p1-150600.6.34.1 updated - openssh-server-9.6p1-150600.6.34.1 updated - openssh-9.6p1-150600.6.34.1 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:27:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:27:29 +0100 (CET) Subject: SUSE-CU-2025:9179-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20251219082729.96A70FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9179-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.6 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.6.7.29.1 , suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 7.29.1 Severity : low Type : security References : 1251305 1252974 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:27:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:27:37 +0100 (CET) Subject: SUSE-CU-2025:9180-1: Security update of suse/manager/5.0/x86_64/server-attestation Message-ID: <20251219082737.78275FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9180-1 Container Tags : suse/manager/5.0/x86_64/server-attestation:5.0.6 , suse/manager/5.0/x86_64/server-attestation:5.0.6.6.33.1 , suse/manager/5.0/x86_64/server-attestation:latest Container Release : 6.33.1 Severity : important Type : security References : 1224386 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1245199 1246806 1247985 1248501 1249055 1250399 1252148 1252160 1252414 1252417 1253043 CVE-2025-53057 CVE-2025-53066 CVE-2025-59432 CVE-2025-7039 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3996-1 Released: Fri Nov 7 16:48:28 2025 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1246806,1252414,1252417,CVE-2025-53057,CVE-2025-53066 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.29+7 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4054-1 Released: Tue Nov 11 15:04:28 2025 Summary: Security update for ongres-scram Type: security Severity: moderate References: 1250399,CVE-2025-59432 This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - liblcms2-2-2.15-150600.3.3.2 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libreadline7-7.0-150400.27.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - bash-4.4-150400.27.6.1 updated - libselinux1-3.5-150600.3.3.1 updated - bash-sh-4.4-150400.27.6.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - libsystemd0-254.27-150600.4.46.2 updated - libfreetype6-2.10.4-150000.4.25.1 updated - java-11-openjdk-headless-11.0.29.0-150000.3.132.2 updated - ongres-scram-2.1-150400.8.5.1 updated - ongres-scram-client-2.1-150400.8.5.1 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:27:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:27:46 +0100 (CET) Subject: SUSE-CU-2025:9181-1: Recommended update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api Message-ID: <20251219082746.40AE4FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9181-1 Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.6 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.6.6.29.1 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container Release : 6.29.1 Severity : important Type : recommended References : 1224386 1248501 1253741 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling The following package changes have been done: - libkmod2-29-150600.13.3.1 updated - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:28:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:06 +0100 (CET) Subject: SUSE-CU-2025:9183-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16 Message-ID: <20251219082806.8A29DFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9183-1 Container Tags : suse/manager/5.0/x86_64/server-migration-14-16:5.0.6 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.6.7.29.1 , suse/manager/5.0/x86_64/server-migration-14-16:latest Container Release : 7.29.1 Severity : important Type : security References : 1224386 1227888 1228260 1228535 1230093 1230516 1232526 1232528 1234068 1235151 1236588 1236589 1236590 1238491 1239566 1239938 1240788 1241219 1243397 1243706 1243794 1243933 1243991 1244050 1245199 1245309 1245310 1245311 1245314 1246197 1246197 1246974 1247498 1248501 1249191 1249191 1249348 1249348 1249367 1249367 1249375 1250553 1251305 1251979 1252160 1252974 1253332 1253332 1253332 1253333 1253333 1253333 CVE-2024-11053 CVE-2024-6197 CVE-2024-6874 CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 CVE-2025-0167 CVE-2025-0665 CVE-2025-0725 CVE-2025-10148 CVE-2025-10148 CVE-2025-10911 CVE-2025-11731 CVE-2025-12817 CVE-2025-12817 CVE-2025-12817 CVE-2025-12818 CVE-2025-12818 CVE-2025-12818 CVE-2025-3576 CVE-2025-4877 CVE-2025-4878 CVE-2025-4947 CVE-2025-5025 CVE-2025-5318 CVE-2025-5372 CVE-2025-5399 CVE-2025-6075 CVE-2025-8114 CVE-2025-8277 CVE-2025-8291 CVE-2025-9086 CVE-2025-9086 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3925-1 Released: Wed Nov 6 11:14:28 2024 Summary: Security update for curl Type: security Severity: moderate References: 1232528,CVE-2024-9681 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3198-1 Released: Fri Sep 12 14:15:08 2025 Summary: Security update for curl Type: security Severity: important References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:57 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4371-1 Released: Thu Dec 11 20:04:44 2025 Summary: Security update for postgresql14 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql14 fixes the following issues: Upgraded to 14.20: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4388-1 Released: Fri Dec 12 14:36:27 2025 Summary: Security update for postgresql16 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql16 fixes the following issues: Upgraded to 16.11: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. The following package changes have been done: - libssh-config-0.9.8-150600.11.6.1 added - libsasl2-3-2.1.28-150600.7.9.2 updated - libunistring2-0.9.10-1.1 added - libnghttp2-14-1.40.0-150600.23.2 added - libbrotlicommon1-1.0.7-150200.3.5.1 added - libbrotlidec1-1.0.7-150200.3.5.1 added - libgcc_s1-15.2.0+git10201-150000.1.3.3 updated - libidn2-0-2.2.0-3.6.1 added - libstdc++6-15.2.0+git10201-150000.1.3.3 updated - libpsl5-0.20.1-150000.3.3.1 added - libselinux1-3.5-150600.3.3.1 updated - krb5-1.20.1-150600.11.14.1 updated - libssh4-0.9.8-150600.11.6.1 added - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libcurl4-8.14.1-150600.4.28.1 added - libsystemd0-254.27-150600.4.46.2 updated - libpq5-18.1-150600.13.3.1 updated - libxslt1-1.1.34-150400.3.13.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - postgresql-18-150600.17.9.1 updated - postgresql14-14.20-150600.16.23.1 updated - postgresql16-16.11-150600.16.25.1 updated - postgresql-server-18-150600.17.9.1 updated - postgresql14-server-14.20-150600.16.23.1 updated - postgresql16-server-16.11-150600.16.25.1 updated - postgresql16-contrib-16.11-150600.16.25.1 updated - postgresql-contrib-18-150600.17.9.1 updated - postgresql14-contrib-14.20-150600.16.23.1 updated - container:suse-manager-5.0-init-5.0.6-5.0.6-7.27.8 added - container:suse-manager-5.0-init-5.0.5.1-5.0.5.1-7.24.10 removed From sle-container-updates at lists.suse.com Fri Dec 19 08:28:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:11 +0100 (CET) Subject: SUSE-CU-2025:9184-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-httpd Message-ID: <20251219082811.413C6FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9184-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.1.1.8.12.1 , suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest Container Release : 8.12.1 Severity : critical Type : security References : 1224386 1227207 1231055 1232526 1233529 1237236 1237240 1237241 1237242 1238491 1239566 1239938 1240788 1243381 1243794 1243991 1244050 1245190 1245199 1247498 1247990 1248501 1249055 1249359 1250514 1250520 1250754 1250755 1251305 1251776 1251864 1251912 1251913 1251928 1252160 1252244 1252285 1252425 1252974 1253024 1253043 1253741 1253757 CVE-2025-11563 CVE-2025-1352 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-6075 CVE-2025-61911 CVE-2025-61912 CVE-2025-62348 CVE-2025-62349 CVE-2025-7039 CVE-2025-8291 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:06:00 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4358-1 Released: Thu Dec 11 04:04:56 2025 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1249359 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4454-1 Released: Thu Dec 18 09:51:52 2025 Summary: Maintenance update for Multi-Linux Manager 5.1.1.1: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1227207,1247990,1250514,1250520,1250755,1251776,1251864,1251912,1251913,1251928,1252244,1252285,1253024,CVE-2025-61911,CVE-2025-61912,CVE-2025-62348,CVE-2025-62349 Maintenance update for Multi-Linux Manager 5.1.1.1: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libelf1-0.185-150400.5.8.3 updated - libreadline7-7.0-150400.27.6.1 updated - libdw1-0.185-150400.5.8.3 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libudev1-254.27-150600.4.46.2 updated - libselinux1-3.5-150600.3.3.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated - libsolv-tools-base-0.7.35-150700.11.5.2 updated - curl-8.14.1-150700.7.5.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libkmod2-29-150600.13.3.1 updated - release-notes-multi-linux-manager-proxy-5.1.1.1-150700.4.6.1 updated - selinux-tools-3.5-150600.3.3.1 updated - libsystemd0-254.27-150600.4.46.2 updated - python3-base-3.6.15-150300.10.100.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - apache2-prefork-2.4.62-150700.4.6.1 updated - python3-3.6.15-150300.10.100.1 updated - systemd-254.27-150600.4.46.2 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - apache2-2.4.62-150700.4.6.1 updated - container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:28:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:13 +0100 (CET) Subject: SUSE-CU-2025:9185-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker Message-ID: <20251219082813.4F8BEFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9185-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.1.1.9.10.2 , suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:latest Container Release : 9.10.2 Severity : critical Type : security References : 1224386 1231055 1232526 1233529 1237236 1237240 1237241 1237242 1238491 1239566 1239938 1240788 1243381 1243794 1243991 1244050 1245190 1245199 1247498 1248501 1249055 1250754 1251305 1252160 1252425 1252974 1253043 1253757 CVE-2025-11563 CVE-2025-1352 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-6075 CVE-2025-7039 CVE-2025-8291 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:06:00 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libelf1-0.185-150400.5.8.3 updated - libreadline7-7.0-150400.27.6.1 updated - libdw1-0.185-150400.5.8.3 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libudev1-254.27-150600.4.46.2 updated - libselinux1-3.5-150600.3.3.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated - libsolv-tools-base-0.7.35-150700.11.5.2 updated - curl-8.14.1-150700.7.5.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated - container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:28:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:15 +0100 (CET) Subject: SUSE-CU-2025:9186-1: Recommended update of suse/multi-linux-manager/5.1/x86_64/proxy-squid Message-ID: <20251219082815.4646EFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9186-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:5.1.1.1.8.10.1 , suse/multi-linux-manager/5.1/x86_64/proxy-squid:latest Container Release : 8.10.1 Severity : important Type : recommended References : 1232526 1233529 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1245199 1247498 1252160 1253043 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libselinux1-3.5-150600.3.3.1 updated - container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:28:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:17 +0100 (CET) Subject: SUSE-CU-2025:9187-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-ssh Message-ID: <20251219082817.4E764FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9187-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/proxy-ssh:5.1.1.1.8.10.1 , suse/multi-linux-manager/5.1/x86_64/proxy-ssh:latest Container Release : 8.10.1 Severity : important Type : security References : 1224386 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1245199 1248501 1251198 1251199 1251305 1252160 1252974 1253043 CVE-2025-6075 CVE-2025-61984 CVE-2025-61985 CVE-2025-8291 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4067-1 Released: Wed Nov 12 09:03:26 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libudev1-254.27-150600.4.46.2 updated - libselinux1-3.5-150600.3.3.1 updated - openssh-common-9.6p1-150600.6.34.1 updated - libsystemd0-254.27-150600.4.46.2 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated - openssh-fips-9.6p1-150600.6.34.1 updated - openssh-clients-9.6p1-150600.6.34.1 updated - openssh-server-9.6p1-150600.6.34.1 updated - openssh-9.6p1-150600.6.34.1 updated - container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:28:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:19 +0100 (CET) Subject: SUSE-CU-2025:9188-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-tftpd Message-ID: <20251219082819.5BA7CFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9188-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:5.1.1.1.8.10.1 , suse/multi-linux-manager/5.1/x86_64/proxy-tftpd:latest Container Release : 8.10.1 Severity : important Type : security References : 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1245199 1251305 1252160 1252974 1253043 CVE-2025-6075 CVE-2025-8291 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libselinux1-3.5-150600.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated - container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:28:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:21 +0100 (CET) Subject: SUSE-CU-2025:9189-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-attestation Message-ID: <20251219082821.7F426FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-attestation ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9189-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/server-attestation:5.1.1.1.8.12.1 , suse/multi-linux-manager/5.1/x86_64/server-attestation:latest Container Release : 8.12.1 Severity : important Type : security References : 1224386 1232526 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1246806 1247985 1248501 1250399 1252148 1252160 1252414 1252417 1253043 CVE-2025-53057 CVE-2025-53066 CVE-2025-59432 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server-attestation was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3997-1 Released: Fri Nov 7 16:50:17 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1246806,1252414,1252417,CVE-2025-53057,CVE-2025-53066 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4054-1 Released: Tue Nov 11 15:04:28 2025 Summary: Security update for ongres-scram Type: security Severity: moderate References: 1250399,CVE-2025-59432 This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libselinux1-3.5-150600.3.3.1 updated - liblcms2-2-2.15-150600.3.3.2 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - libsystemd0-254.27-150600.4.46.2 updated - libfreetype6-2.10.4-150000.4.25.1 updated - java-17-openjdk-headless-17.0.17.0-150400.3.60.2 updated - ongres-scram-2.1-150400.8.5.1 updated - ongres-scram-client-2.1-150400.8.5.1 updated - container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:28:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:23 +0100 (CET) Subject: SUSE-CU-2025:9190-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api Message-ID: <20251219082823.8C04BFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9190-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.1.1.8.10.1 , suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:latest Container Release : 8.10.1 Severity : important Type : security References : 1224386 1232526 1233529 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1245199 1247498 1248501 1249055 1252160 1253043 1253741 1253757 CVE-2025-11563 CVE-2025-7039 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] The following package changes have been done: - libsasl2-3-2.1.28-150600.7.14.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libudev1-254.27-150600.4.46.2 updated - libselinux1-3.5-150600.3.3.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - libkmod2-29-150600.13.3.1 updated - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated - container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:28:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:25 +0100 (CET) Subject: SUSE-CU-2025:9191-1: Security update of suse/multi-linux-manager/5.1/x86_64/server Message-ID: <20251219082825.EC5D2FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9191-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/server:5.1.1.1.8.10.2 , suse/multi-linux-manager/5.1/x86_64/server:latest Container Release : 8.10.2 Severity : critical Type : security References : 1040589 1224386 1227207 1229750 1231055 1232526 1233529 1236632 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1237236 1237240 1237241 1237242 1238491 1239566 1239938 1240788 1240870 1241901 1241916 1243381 1243756 1243760 1243794 1243991 1244050 1245190 1245953 1246481 1246486 1246691 1246806 1247105 1247114 1247117 1247498 1247985 1247990 1248501 1249055 1249359 1250399 1250514 1250520 1250553 1250593 1250632 1250754 1250755 1251198 1251199 1251275 1251276 1251277 1251305 1251305 1251776 1251794 1251795 1251827 1251864 1251912 1251913 1251928 1251979 1252097 1252148 1252160 1252244 1252250 1252285 1252378 1252379 1252380 1252414 1252417 1252425 1252753 1252756 1252905 1252930 1252931 1252932 1252933 1252934 1252935 1252974 1252974 1253024 1253043 1253332 1253332 1253333 1253333 1253460 1253741 1253757 1254132 510058 CVE-2025-0840 CVE-2025-10911 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-11561 CVE-2025-11563 CVE-2025-11731 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-12817 CVE-2025-12817 CVE-2025-12818 CVE-2025-12818 CVE-2025-1352 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-3198 CVE-2025-40778 CVE-2025-40780 CVE-2025-5244 CVE-2025-5245 CVE-2025-53057 CVE-2025-53066 CVE-2025-54770 CVE-2025-54771 CVE-2025-55752 CVE-2025-55754 CVE-2025-59419 CVE-2025-59432 CVE-2025-6075 CVE-2025-6075 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-61795 CVE-2025-61911 CVE-2025-61912 CVE-2025-61984 CVE-2025-61985 CVE-2025-62348 CVE-2025-62349 CVE-2025-7039 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 CVE-2025-8291 CVE-2025-8291 CVE-2025-8677 CVE-2025-9820 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:06:00 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3851-1 Released: Wed Oct 29 15:04:32 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750,1250593 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3903-1 Released: Fri Oct 31 18:08:19 2025 Summary: Security update for bind Type: security Severity: important References: 1252378,1252379,1252380,CVE-2025-40778,CVE-2025-40780,CVE-2025-8677 This update for bind fixes the following issues: Upgrade to release 9.20.15: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3997-1 Released: Fri Nov 7 16:50:17 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1246806,1252414,1252417,CVE-2025-53057,CVE-2025-53066 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4054-1 Released: Tue Nov 11 15:04:28 2025 Summary: Security update for ongres-scram Type: security Severity: moderate References: 1250399,CVE-2025-59432 This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4067-1 Released: Wed Nov 12 09:03:26 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4085-1 Released: Wed Nov 12 15:39:17 2025 Summary: Recommended update for openldap2_5 Type: recommended Severity: moderate References: 1241901 This update for openldap2_5 fixes the following issues: Version update 2.5.20 - Enabling LTO objects for static libraries compilation. - Upstream patch rollup (bsc#1241901). - Re-enable libldapcpp for yast2-users. - Add provides for openldap2-devel. - added ppolicy-check-password module (jsc#PED-13741) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4087-1 Released: Wed Nov 12 20:35:10 2025 Summary: Security update for netty, netty-tcnative Type: security Severity: moderate References: 1252097,CVE-2025-59419 This update for netty, netty-tcnative fixes the following issues: - CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery (bsc#1252097) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4159-1 Released: Fri Nov 21 15:31:48 2025 Summary: Security update for tomcat Type: security Severity: important References: 1252753,1252756,1252905,CVE-2025-55752,CVE-2025-55754,CVE-2025-61795 This update for tomcat fixes the following issues: Update to Tomcat 9.0.111: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753) - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905) - CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4183-1 Released: Mon Nov 24 08:56:33 2025 Summary: Security update for sssd Type: security Severity: important References: 1251827,CVE-2025-11561 This update for sssd fixes the following issues: - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4297-1 Released: Fri Nov 28 11:03:19 2025 Summary: Security update for python311 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4304-1 Released: Fri Nov 28 14:14:06 2025 Summary: Recommended update for tomcat Type: recommended Severity: important References: 1253460 This update for tomcat fixes the following issues: - make catalina.sh %config(noreplace) (bsc#1253460) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4305-1 Released: Fri Nov 28 14:33:33 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1245953,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) Other fixes: - Bump upstream SBAT generation to 6 - Fixed timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4349-1 Released: Wed Dec 10 14:52:11 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4358-1 Released: Thu Dec 11 04:04:56 2025 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1249359 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:57 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4376-1 Released: Fri Dec 12 10:36:45 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1246691,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - systemd fails to start lvmlockd with sanlock running (bsc#1246691). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4388-1 Released: Fri Dec 12 14:36:27 2025 Summary: Security update for postgresql16 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql16 fixes the following issues: Upgraded to 16.11: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4454-1 Released: Thu Dec 18 09:51:52 2025 Summary: Maintenance update for Multi-Linux Manager 5.1.1.1: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1227207,1247990,1250514,1250520,1250755,1251776,1251864,1251912,1251913,1251928,1252244,1252285,1253024,CVE-2025-61911,CVE-2025-61912,CVE-2025-62348,CVE-2025-62349 Maintenance update for Multi-Linux Manager 5.1.1.1: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - susemanager-sync-data-5.1.6-150700.3.3.1 updated - libsasl2-3-2.1.28-150600.7.14.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libudev1-254.27-150600.4.46.2 updated - libselinux1-3.5-150600.3.3.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libcurl4-8.14.1-150700.7.5.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated - libsolv-tools-base-0.7.35-150700.11.5.2 updated - curl-8.14.1-150700.7.5.1 updated - libkmod2-29-150600.13.3.1 updated - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated - libX11-data-1.8.10-150700.4.3.1 updated - libatomic1-15.2.0+git10201-150000.1.6.1 updated - libctf-nobfd0-2.45-150100.7.57.1 updated - libdevmapper1_03-2.03.24_1.02.198-150700.7.3.3 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libipa_hbac0-2.9.3-150700.9.9.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblcms2-2-2.15-150600.3.3.2 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - libpq5-18.1-150600.13.3.1 updated - libquadmath0-15.2.0+git10201-150000.1.6.1 updated - libsolv-tools-0.7.35-150700.11.5.2 updated - libsss_idmap0-2.9.3-150700.9.9.1 updated - libsss_nss_idmap0-2.9.3-150700.9.9.1 updated - libxslt1-1.1.34-150400.3.13.1 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - openssh-common-9.6p1-150600.6.34.1 updated - python311-base-3.11.14-150600.3.38.1 updated - libpython3_11-1_0-3.11.14-150600.3.38.1 updated - release-notes-multi-linux-manager-5.1.1.1-150700.5.10.1 updated - selinux-tools-3.5-150600.3.3.1 updated - susemanager-schema-utility-5.1.13-150700.3.6.2 updated - uyuni-config-modules-5.1.18-150700.3.14.1 updated - vim-data-common-9.1.1629-150500.20.38.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - cyrus-sasl-2.1.28-150600.7.14.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated - python3-curses-3.6.15-150300.10.100.1 updated - libldap-2_5-0-2.5.20+10-150500.11.35.1 updated - libfreetype6-2.10.4-150000.4.25.1 updated - postgresql-18-150700.23.3.1 updated - postgresql16-16.11-150600.16.25.1 updated - libsss_certmap0-2.9.3-150700.9.9.1 updated - bind-utils-9.20.15-150700.3.12.1 updated - libxslt-tools-1.1.34-150400.3.13.1 updated - openssh-fips-9.6p1-150600.6.34.1 updated - python311-3.11.14-150600.3.38.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - spacewalk-java-lib-5.1.21-150700.3.8.6 updated - libX11-6-1.8.10-150700.4.3.1 updated - vim-9.1.1629-150500.20.38.1 updated - apache2-prefork-2.4.62-150700.4.6.1 updated - cyrus-sasl-gssapi-2.1.28-150600.7.14.1 updated - cyrus-sasl-digestmd5-2.1.28-150600.7.14.1 updated - openssh-server-9.6p1-150600.6.34.1 updated - openssh-clients-9.6p1-150600.6.34.1 updated - libgnutls30-3.8.3-150600.4.12.1 updated - python3-solv-0.7.35-150700.11.5.2 updated - susemanager-schema-5.1.13-150700.3.6.2 updated - apache2-2.4.62-150700.4.6.1 updated - openssh-9.6p1-150600.6.34.1 updated - grub2-2.12-150700.19.19.1 updated - grub2-i386-pc-2.12-150700.19.19.1 updated - sssd-ldap-2.9.3-150700.9.9.1 updated - sssd-2.9.3-150700.9.9.1 updated - sssd-krb5-common-2.9.3-150700.9.9.1 updated - java-17-openjdk-headless-17.0.17.0-150400.3.60.2 updated - grub2-x86_64-efi-2.12-150700.19.19.1 updated - grub2-powerpc-ieee1275-2.12-150700.19.19.1 updated - grub2-arm64-efi-2.12-150700.19.19.1 updated - sssd-krb5-2.9.3-150700.9.9.1 updated - sssd-dbus-2.9.3-150700.9.9.1 updated - python3-sssd-config-2.9.3-150700.9.9.1 updated - sssd-ad-2.9.3-150700.9.9.1 updated - tomcat-servlet-4_0-api-9.0.111-150200.99.1 updated - tomcat-el-3_0-api-9.0.111-150200.99.1 updated - python311-ldap-3.4.5-150700.3.1 updated - java-17-openjdk-17.0.17.0-150400.3.60.2 updated - spacewalk-base-minimal-5.1.16-150700.3.6.3 updated - sssd-tools-2.9.3-150700.9.9.1 updated - sssd-ipa-2.9.3-150700.9.9.1 updated - tomcat-jsp-2_3-api-9.0.111-150200.99.1 updated - netty-4.1.128-150200.4.37.1 updated - python3-firewall-1.3.4-150600.13.3.1 updated - spacewalk-base-minimal-config-5.1.16-150700.3.6.3 updated - tomcat-lib-9.0.111-150200.99.1 updated - ongres-scram-2.1-150400.8.5.1 updated - firewalld-1.3.4-150600.13.3.1 updated - spacewalk-base-5.1.16-150700.3.6.3 updated - ongres-scram-client-2.1-150400.8.5.1 updated - salt-3006.0-150700.14.9.4 updated - python311-salt-3006.0-150700.14.9.4 updated - salt-master-3006.0-150700.14.9.4 updated - tomcat-9.0.111-150200.99.1 updated - salt-api-3006.0-150700.14.9.4 updated - spacewalk-java-postgresql-5.1.21-150700.3.8.6 updated - spacewalk-java-config-5.1.21-150700.3.8.6 updated - spacewalk-taskomatic-5.1.21-150700.3.8.6 updated - spacewalk-java-5.1.21-150700.3.8.6 updated - spacewalk-html-5.1.16-150700.3.6.3 updated - susemanager-sls-5.1.18-150700.3.14.1 updated - container:suse-multi-linux-manager-5.1-init-5.1.1.1-5.1.1.1-8.10.1 added - container:suse-multi-linux-manager-5.1-init-5.1.1-5.1.1-8.7.1 removed From sle-container-updates at lists.suse.com Fri Dec 19 08:28:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 09:28:28 +0100 (CET) Subject: SUSE-CU-2025:9192-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-migration-14-16 Message-ID: <20251219082828.10365FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-migration-14-16 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9192-1 Container Tags : suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:5.1.1.1.8.10.2 , suse/multi-linux-manager/5.1/x86_64/server-migration-14-16:latest Container Release : 8.10.2 Severity : important Type : security References : 1154884 1154887 1175825 1180138 1197771 1224386 1232526 1233529 1238491 1239566 1239938 1240788 1243794 1243991 1244050 1245199 1245309 1245310 1245311 1245314 1246197 1246974 1247498 1248501 1249191 1249348 1249367 1249375 1250553 1251264 1251305 1251979 1252160 1252974 1253043 1253332 1253332 1253332 1253333 1253333 1253333 1253757 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2025-10148 CVE-2025-10911 CVE-2025-11563 CVE-2025-11731 CVE-2025-12817 CVE-2025-12817 CVE-2025-12817 CVE-2025-12818 CVE-2025-12818 CVE-2025-12818 CVE-2025-4877 CVE-2025-4878 CVE-2025-5318 CVE-2025-5372 CVE-2025-6075 CVE-2025-8114 CVE-2025-8277 CVE-2025-8291 CVE-2025-9086 ----------------------------------------------------------------- The container suse/multi-linux-manager/5.1/x86_64/server-migration-14-16 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2229-1 Released: Fri Jul 4 18:02:30 2025 Summary: Security update for libssh Type: security Severity: important References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3268-1 Released: Thu Sep 18 13:08:10 2025 Summary: Security update for curl Type: security Severity: important References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3369-1 Released: Fri Sep 26 12:54:43 2025 Summary: Security update for libssh Type: security Severity: moderate References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3596-1 Released: Wed Oct 15 09:51:21 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1251264 This update for curl fixes the following issue: - rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4300-1 Released: Fri Nov 28 13:57:41 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:57 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4371-1 Released: Thu Dec 11 20:04:44 2025 Summary: Security update for postgresql14 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql14 fixes the following issues: Upgraded to 14.20: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4388-1 Released: Fri Dec 12 14:36:27 2025 Summary: Security update for postgresql16 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql16 fixes the following issues: Upgraded to 16.11: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. The following package changes have been done: - libssh-config-0.9.8-150600.11.6.1 added - libsasl2-3-2.1.28-150600.7.14.1 updated - libunistring2-0.9.10-1.1 added - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libidn2-0-2.2.0-3.6.1 added - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libpsl5-0.20.1-150000.3.3.1 added - libnghttp2-14-1.64.0-150700.1.5 added - libbrotlicommon1-1.0.7-150200.3.5.1 added - libbrotlidec1-1.0.7-150200.3.5.1 added - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libselinux1-3.5-150600.3.3.1 updated - libssh4-0.9.8-150600.11.6.1 added - libcurl4-8.14.1-150700.7.5.1 added - libsystemd0-254.27-150600.4.46.2 updated - libpq5-18.1-150600.13.3.1 updated - libxslt1-1.1.34-150400.3.13.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - postgresql-18-150700.23.3.1 updated - postgresql14-14.20-150600.16.23.1 updated - postgresql16-16.11-150600.16.25.1 updated - postgresql-server-18-150700.23.3.1 updated - postgresql14-server-14.20-150600.16.23.1 updated - postgresql16-server-16.11-150600.16.25.1 updated - postgresql-contrib-18-150700.23.3.1 updated - postgresql14-contrib-14.20-150600.16.23.1 updated - postgresql16-contrib-16.11-150600.16.25.1 updated - container:suse-multi-linux-manager-5.1-init-5.1.1.1-5.1.1.1-8.10.1 added - container:suse-multi-linux-manager-5.1-init-5.1.1-5.1.1-8.7.1 removed From sle-container-updates at lists.suse.com Sat Dec 20 08:04:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:04:58 +0100 (CET) Subject: SUSE-CU-2025:9256-1: Security update of private-registry/harbor-portal Message-ID: <20251220080458.19227FB9C@maintenance.suse.de> SUSE Container Update Advisory: private-registry/harbor-portal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9256-1 Container Tags : private-registry/harbor-portal:1.1.0 , private-registry/harbor-portal:1.1.0-1.2 , private-registry/harbor-portal:latest Container Release : 1.2 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container private-registry/harbor-portal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated - system-user-harbor-2.14.1-150700.1.2 updated - harbor-portal-2.14.1-150700.1.2 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:06:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:06:26 +0100 (CET) Subject: SUSE-IU-2025:3988-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251220080626.B9F67FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3988-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.38 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.38 Severity : important Type : recommended References : 1224386 1244449 1245551 1248356 1248501 1254563 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 355 Released: Fri Dec 19 15:37:03 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1224386,1244449,1245551,1248356,1248501,1254563 This update for systemd fixes the following issues: - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user at .service - detect-virt: add bare-metal support for GCE (bsc#1244449) - Sync systemd-update-helper with the version shipped in Base:System - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of 'break' in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: * Since user at .service has `Type=notify-reload` and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service' now. - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-slfo.1.1_2.1 updated - libsystemd0-254.27-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.72 updated - systemd-254.27-slfo.1.1_2.1 updated - udev-254.27-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.1-5.59 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:07:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:07:13 +0100 (CET) Subject: SUSE-IU-2025:3989-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20251220080713.3ABD6FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3989-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.59 , suse/sl-micro/6.1/base-os-container:latest Image Release : 5.59 Severity : important Type : recommended References : 1224386 1244449 1245551 1248356 1248501 1254563 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 355 Released: Fri Dec 19 15:37:03 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1224386,1244449,1245551,1248356,1248501,1254563 This update for systemd fixes the following issues: - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user at .service - detect-virt: add bare-metal support for GCE (bsc#1244449) - Sync systemd-update-helper with the version shipped in Base:System - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of 'break' in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: * Since user at .service has `Type=notify-reload` and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service' now. - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-slfo.1.1_2.1 updated - libsystemd0-254.27-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.72 updated - systemd-254.27-slfo.1.1_2.1 updated - udev-254.27-slfo.1.1_2.1 updated - container:suse-toolbox-image-1.0.0-4.93 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:08:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:08:07 +0100 (CET) Subject: SUSE-IU-2025:3990-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20251220080807.BE6C6FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3990-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.61 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 5.61 Severity : important Type : recommended References : 1224386 1244449 1245551 1248356 1248501 1254563 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 355 Released: Fri Dec 19 15:37:03 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1224386,1244449,1245551,1248356,1248501,1254563 This update for systemd fixes the following issues: - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user at .service - detect-virt: add bare-metal support for GCE (bsc#1244449) - Sync systemd-update-helper with the version shipped in Base:System - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of 'break' in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: * Since user at .service has `Type=notify-reload` and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service' now. - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-slfo.1.1_2.1 updated - libsystemd0-254.27-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.72 updated - systemd-254.27-slfo.1.1_2.1 updated - udev-254.27-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.1-5.59 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:08:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:08:58 +0100 (CET) Subject: SUSE-IU-2025:3991-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20251220080858.03664FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3991-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.1 , suse/sl-micro/6.1/rt-os-container:2.2.1-5.51 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 5.51 Severity : important Type : recommended References : 1224386 1244449 1245551 1248356 1248501 1254563 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 355 Released: Fri Dec 19 15:37:03 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1224386,1244449,1245551,1248356,1248501,1254563 This update for systemd fixes the following issues: - timer: rebase last_trigger timestamp if needed - timer: rebase the next elapse timestamp only if timer didn't already run - timer: don't run service immediately after restart of a timer (bsc#1254563) - test: check the next elapse timer timestamp after deserialization - test: restarting elapsed timer shouldn't trigger the corresponding service - units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356) - units: add dep on systemd-logind.service by user at .service - detect-virt: add bare-metal support for GCE (bsc#1244449) - Sync systemd-update-helper with the version shipped in Base:System - systemd-update-helper: do not stop or disable services when they are migrated to other packages. This can occur during package renaming or splitting. - systemd-update-helper: Fix invalid use of 'break' in case statement - systemd-update-helper: fix regression introduced when support for package renaming/splitting was added (bsc#1245551) - systemd-update-helper: * Since user at .service has `Type=notify-reload` and reloading implies reexecuting with `ReloadSignal=RTMIN+25`, reexecuting user managers synchronously can be achieved with `systemctl reload user@*.service' now. - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre (bsc#1248501) - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) The following package changes have been done: - libudev1-254.27-slfo.1.1_2.1 updated - libsystemd0-254.27-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.72 updated - systemd-254.27-slfo.1.1_2.1 updated - udev-254.27-slfo.1.1_2.1 updated - container:SL-Micro-container-2.2.1-7.38 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:14:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:14:48 +0100 (CET) Subject: SUSE-IU-2025:3998-1: Recommended update of suse/sl-micro/6.2/kvm-os-container Message-ID: <20251220081448.D654DFB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:3998-1 Image Tags : suse/sl-micro/6.2/kvm-os-container:2.3.0 , suse/sl-micro/6.2/kvm-os-container:2.3.0-6.20 , suse/sl-micro/6.2/kvm-os-container:latest Image Release : 6.20 Severity : important Type : recommended References : 1224868 1235463 1243474 1245193 1245431 1245498 1245499 1246328 1246843 1247500 1248792 1249256 1249397 1249912 1249977 1249982 1250034 1250176 1250237 1250252 1250705 1250723 1250746 1251120 1251817 1252054 1252063 1252301 1252303 1252342 1252352 1252357 1252681 1252686 1252763 1252776 1252779 1252790 1252794 1252795 1252808 1252809 1252817 1252821 1252824 1252836 1252845 1252901 1252912 1252917 1252919 1252923 1252928 1253018 1253155 1253176 1253238 1253275 1253318 1253324 1253328 1253330 1253342 1253348 1253349 1253352 1253355 1253360 1253362 1253363 1253367 1253369 1253386 1253394 1253395 1253402 1253403 1253405 1253407 1253408 1253409 1253410 1253412 1253416 1253421 1253422 1253423 1253424 1253425 1253426 1253427 1253428 1253431 1253433 1253436 1253438 1253440 1253441 1253443 1253445 1253448 1253449 1253450 1253451 1253453 1253455 1253456 1253457 1253463 1253472 1253622 1253624 1253635 1253643 1253647 1254119 1254181 1254221 1254308 1254315 CVE-2022-50253 CVE-2025-37916 CVE-2025-38084 CVE-2025-38085 CVE-2025-38321 CVE-2025-38728 CVE-2025-39805 CVE-2025-39819 CVE-2025-39822 CVE-2025-39831 CVE-2025-39859 CVE-2025-39897 CVE-2025-39917 CVE-2025-39944 CVE-2025-39961 CVE-2025-39980 CVE-2025-39990 CVE-2025-40001 CVE-2025-40003 CVE-2025-40006 CVE-2025-40021 CVE-2025-40024 CVE-2025-40027 CVE-2025-40031 CVE-2025-40033 CVE-2025-40038 CVE-2025-40047 CVE-2025-40053 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40081 CVE-2025-40083 CVE-2025-40086 CVE-2025-40098 CVE-2025-40101 CVE-2025-40102 CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40127 CVE-2025-40129 CVE-2025-40132 CVE-2025-40133 CVE-2025-40134 CVE-2025-40135 CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40142 CVE-2025-40149 CVE-2025-40153 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157 CVE-2025-40158 CVE-2025-40159 CVE-2025-40161 CVE-2025-40162 CVE-2025-40164 CVE-2025-40165 CVE-2025-40166 CVE-2025-40168 CVE-2025-40169 CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40175 CVE-2025-40176 CVE-2025-40177 CVE-2025-40178 CVE-2025-40180 CVE-2025-40183 CVE-2025-40185 CVE-2025-40186 CVE-2025-40187 CVE-2025-40188 CVE-2025-40192 CVE-2025-40194 CVE-2025-40196 CVE-2025-40197 CVE-2025-40198 CVE-2025-40200 CVE-2025-40201 CVE-2025-40202 CVE-2025-40203 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207 ----------------------------------------------------------------- The container suse/sl-micro/6.2/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 113 Released: Tue May 20 10:06:33 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868,1235463,1243474,1245193,1245431,1245498,1245499,1246328,1246843,1247500,1248792,1249256,1249397,1249912,1249977,1249982,1250034,1250176,1250237,1250252,1250705,1250723,1250746,1251120,1251817,1252054,1252063,1252301,1252303,1252342,1252352,1252357,1252681,1252686,1252763,1252776,1252779,1252790,1252794,1252795,1252808,1252809,1252817,1252821,1252824,1252836,1252845,1252901,1252912,1252917,1252919,1252923,1252928,1253018,1253155,1253176,1253238,1253275,1253318,1253324,1253328,1253330,1253342,1253348,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253386,1253394,1253395,1253402,1253403,1253405,1253407,1253408,1253409,1253410,1253412,1253416,1253421,1253422,1253423,1253424,1253425,1253426,1253427,1253428,1253431,1253433,1253436,1253438,1253440,1253441,1253443,1253445,1253448,1253449,1253450,1253451,1253453,1253455,1253456,1253457,1253463,1253472,1253622,1253624,1253635,1253643,1253647,1254119,1254181,1254221,1254308,1254315,CVE-2022-50253,CVE-2025-3 7916,CVE-2025-38084,CVE-2025-38085,CVE-2025-38321,CVE-2025-38728,CVE-2025-39805,CVE-2025-39819,CVE-2025-39822,CVE-2025-39831,CVE-2025-39859,CVE-2025-39897,CVE-2025-39917,CVE-2025-39944,CVE-2025-39961,CVE-2025-39980,CVE-2025-39990,CVE-2025-40001,CVE-2025-40003,CVE-2025-40006,CVE-2025-40021,CVE-2025-40024,CVE-2025-40027,CVE-2025-40031,CVE-2025-40033,CVE-2025-40038,CVE-2025-40047,CVE-2025-40053,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40081,CVE-2025-40083,CVE-2025-40086,CVE-2025-40098,CVE-2025-40101,CVE-2025-40102,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40132,CVE-2025-40133,CVE-2025-40134,CVE-2025-40135,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40142,CVE-2025-40149,CVE-2025-40153,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40158,CVE-2025-40159,CVE-2025-40161,CV E-2025-40162,CVE-2025-40164,CVE-2025-40165,CVE-2025-40166,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40175,CVE-2025-40176,CVE-2025-40177,CVE-2025-40178,CVE-2025-40180,CVE-2025-40183,CVE-2025-40185,CVE-2025-40186,CVE-2025-40187,CVE-2025-40188,CVE-2025-40192,CVE-2025-40194,CVE-2025-40196,CVE-2025-40197,CVE-2025-40198,CVE-2025-40200,CVE-2025-40201,CVE-2025-40202,CVE-2025-40203,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). The following package changes have been done: - kernel-default-base-6.12.0-160000.8.1.160000.2.5 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:15:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:15:11 +0100 (CET) Subject: SUSE-IU-2025:4003-1: Recommended update of suse/sl-micro/6.2/rt-os-container Message-ID: <20251220081511.94010FB9B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.2/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:4003-1 Image Tags : suse/sl-micro/6.2/rt-os-container:2.3.0 , suse/sl-micro/6.2/rt-os-container:2.3.0-5.22 , suse/sl-micro/6.2/rt-os-container:latest Image Release : 5.22 Severity : important Type : recommended References : 1224868 1235463 1243474 1245193 1245431 1245498 1245499 1246328 1246843 1247500 1248792 1249256 1249397 1249912 1249977 1249982 1250034 1250176 1250237 1250252 1250705 1250723 1250746 1251120 1251817 1252054 1252063 1252301 1252303 1252342 1252352 1252357 1252681 1252686 1252763 1252776 1252779 1252790 1252794 1252795 1252808 1252809 1252817 1252821 1252824 1252836 1252845 1252901 1252912 1252917 1252919 1252923 1252928 1253018 1253155 1253176 1253238 1253275 1253318 1253324 1253328 1253330 1253342 1253348 1253349 1253352 1253355 1253360 1253362 1253363 1253367 1253369 1253386 1253394 1253395 1253402 1253403 1253405 1253407 1253408 1253409 1253410 1253412 1253416 1253421 1253422 1253423 1253424 1253425 1253426 1253427 1253428 1253431 1253433 1253436 1253438 1253440 1253441 1253443 1253445 1253448 1253449 1253450 1253451 1253453 1253455 1253456 1253457 1253463 1253472 1253622 1253624 1253635 1253643 1253647 1254119 1254181 1254221 1254308 1254315 CVE-2022-50253 CVE-2025-37916 CVE-2025-38084 CVE-2025-38085 CVE-2025-38321 CVE-2025-38728 CVE-2025-39805 CVE-2025-39819 CVE-2025-39822 CVE-2025-39831 CVE-2025-39859 CVE-2025-39897 CVE-2025-39917 CVE-2025-39944 CVE-2025-39961 CVE-2025-39980 CVE-2025-39990 CVE-2025-40001 CVE-2025-40003 CVE-2025-40006 CVE-2025-40021 CVE-2025-40024 CVE-2025-40027 CVE-2025-40031 CVE-2025-40033 CVE-2025-40038 CVE-2025-40047 CVE-2025-40053 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40081 CVE-2025-40083 CVE-2025-40086 CVE-2025-40098 CVE-2025-40101 CVE-2025-40102 CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40127 CVE-2025-40129 CVE-2025-40132 CVE-2025-40133 CVE-2025-40134 CVE-2025-40135 CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40142 CVE-2025-40149 CVE-2025-40153 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157 CVE-2025-40158 CVE-2025-40159 CVE-2025-40161 CVE-2025-40162 CVE-2025-40164 CVE-2025-40165 CVE-2025-40166 CVE-2025-40168 CVE-2025-40169 CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40175 CVE-2025-40176 CVE-2025-40177 CVE-2025-40178 CVE-2025-40180 CVE-2025-40183 CVE-2025-40185 CVE-2025-40186 CVE-2025-40187 CVE-2025-40188 CVE-2025-40192 CVE-2025-40194 CVE-2025-40196 CVE-2025-40197 CVE-2025-40198 CVE-2025-40200 CVE-2025-40201 CVE-2025-40202 CVE-2025-40203 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207 ----------------------------------------------------------------- The container suse/sl-micro/6.2/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 113 Released: Tue May 20 10:06:33 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868,1235463,1243474,1245193,1245431,1245498,1245499,1246328,1246843,1247500,1248792,1249256,1249397,1249912,1249977,1249982,1250034,1250176,1250237,1250252,1250705,1250723,1250746,1251120,1251817,1252054,1252063,1252301,1252303,1252342,1252352,1252357,1252681,1252686,1252763,1252776,1252779,1252790,1252794,1252795,1252808,1252809,1252817,1252821,1252824,1252836,1252845,1252901,1252912,1252917,1252919,1252923,1252928,1253018,1253155,1253176,1253238,1253275,1253318,1253324,1253328,1253330,1253342,1253348,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253386,1253394,1253395,1253402,1253403,1253405,1253407,1253408,1253409,1253410,1253412,1253416,1253421,1253422,1253423,1253424,1253425,1253426,1253427,1253428,1253431,1253433,1253436,1253438,1253440,1253441,1253443,1253445,1253448,1253449,1253450,1253451,1253453,1253455,1253456,1253457,1253463,1253472,1253622,1253624,1253635,1253643,1253647,1254119,1254181,1254221,1254308,1254315,CVE-2022-50253,CVE-2025-3 7916,CVE-2025-38084,CVE-2025-38085,CVE-2025-38321,CVE-2025-38728,CVE-2025-39805,CVE-2025-39819,CVE-2025-39822,CVE-2025-39831,CVE-2025-39859,CVE-2025-39897,CVE-2025-39917,CVE-2025-39944,CVE-2025-39961,CVE-2025-39980,CVE-2025-39990,CVE-2025-40001,CVE-2025-40003,CVE-2025-40006,CVE-2025-40021,CVE-2025-40024,CVE-2025-40027,CVE-2025-40031,CVE-2025-40033,CVE-2025-40038,CVE-2025-40047,CVE-2025-40053,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40081,CVE-2025-40083,CVE-2025-40086,CVE-2025-40098,CVE-2025-40101,CVE-2025-40102,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40132,CVE-2025-40133,CVE-2025-40134,CVE-2025-40135,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40142,CVE-2025-40149,CVE-2025-40153,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40158,CVE-2025-40159,CVE-2025-40161,CV E-2025-40162,CVE-2025-40164,CVE-2025-40165,CVE-2025-40166,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40175,CVE-2025-40176,CVE-2025-40177,CVE-2025-40178,CVE-2025-40180,CVE-2025-40183,CVE-2025-40185,CVE-2025-40186,CVE-2025-40187,CVE-2025-40188,CVE-2025-40192,CVE-2025-40194,CVE-2025-40196,CVE-2025-40197,CVE-2025-40198,CVE-2025-40200,CVE-2025-40201,CVE-2025-40202,CVE-2025-40203,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). The following package changes have been done: - kernel-rt-6.12.0-160000.8.1 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:20:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:20:48 +0100 (CET) Subject: SUSE-CU-2025:9311-1: Security update of suse/kiosk/firefox-esr Message-ID: <20251220082048.B4DD6FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9311-1 Container Tags : suse/kiosk/firefox-esr:140.6 , suse/kiosk/firefox-esr:140.6-69.23 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 69.23 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:21:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:21:09 +0100 (CET) Subject: SUSE-CU-2025:9312-1: Security update of suse/nginx Message-ID: <20251220082109.7085AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9312-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-69.2 , suse/nginx:latest Container Release : 69.2 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:21:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:21:32 +0100 (CET) Subject: SUSE-CU-2025:9313-1: Security update of bci/openjdk-devel Message-ID: <20251220082132.0598DFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9313-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.17.0 , bci/openjdk-devel:17.0.17.0-15.2 Container Release : 15.2 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated - container:bci-openjdk-17-15.7.17-14.2 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:21:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:21:52 +0100 (CET) Subject: SUSE-CU-2025:9314-1: Security update of bci/openjdk Message-ID: <20251220082152.64A20FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9314-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.17.0 , bci/openjdk:17.0.17.0-14.2 Container Release : 14.2 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:22:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:22:13 +0100 (CET) Subject: SUSE-CU-2025:9315-1: Security update of bci/openjdk-devel Message-ID: <20251220082213.EFFFEFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9315-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.9.0 , bci/openjdk-devel:21.0.9.0-19.2 Container Release : 19.2 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated - container:bci-openjdk-21-15.7.21-18.2 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:22:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:22:33 +0100 (CET) Subject: SUSE-CU-2025:9316-1: Security update of bci/openjdk Message-ID: <20251220082233.BBBCFFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9316-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.9.0 , bci/openjdk:21.0.9.0-18.2 Container Release : 18.2 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:22:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:22:36 +0100 (CET) Subject: SUSE-CU-2025:9317-1: Security update of bci/openjdk-devel Message-ID: <20251220082236.A0875FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9317-1 Container Tags : bci/openjdk-devel:25 , bci/openjdk-devel:25.0.1.0 , bci/openjdk-devel:25.0.1.0-3.2 , bci/openjdk-devel:latest Container Release : 3.2 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated - container:bci-openjdk-25-15.7.25-3.2 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:22:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:22:39 +0100 (CET) Subject: SUSE-CU-2025:9318-1: Security update of bci/openjdk Message-ID: <20251220082239.3FDE2FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9318-1 Container Tags : bci/openjdk:25 , bci/openjdk:25.0.1.0 , bci/openjdk:25.0.1.0-3.2 , bci/openjdk:latest Container Release : 3.2 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:22:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:22:58 +0100 (CET) Subject: SUSE-CU-2025:9319-1: Security update of suse/kiosk/pulseaudio Message-ID: <20251220082258.2DF89FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9319-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-67.18 , suse/kiosk/pulseaudio:latest Container Release : 67.18 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated - container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:23:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:23:15 +0100 (CET) Subject: SUSE-CU-2025:9320-1: Recommended update of suse/rmt-server Message-ID: <20251220082315.118E1FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9320-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.24 , suse/rmt-server:2.24-77.10 , suse/rmt-server:latest Container Release : 77.10 Severity : important Type : recommended References : 1246976 1248510 1248869 1251937 1253953 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4497-1 Released: Fri Dec 19 15:58:31 2025 Summary: Recommended update for rmt-server Type: recommended Severity: important References: 1246976,1248510,1248869,1251937,1253953 This update for rmt-server contains the following fixes: - Version 2.24: * Enable mirroring xz compressed repositories. (bsc#1246976) * Rack 2.2.20 security update. (bsc#1253953, bsc#1251937) * Drop some de-published products from RMT * rmt-server-pubcloud: * Do not decode instance data coming from the system; (bsc#1248510) * Include Live-Patching for SLES 15.X. (jsc#PCT-630) * Handle only one data exporter. (bsc#1248869) * Do not decode instance data from db to access registry. (bsc#1248510) * Handle instance verification exceptions The following package changes have been done: - rmt-server-config-2.24-150700.3.9.3 updated - rmt-server-2.24-150700.3.9.3 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:23:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:23:25 +0100 (CET) Subject: SUSE-CU-2025:9321-1: Security update of suse/kiosk/xorg-client Message-ID: <20251220082325.4E1EFFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9321-1 Container Tags : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-69.13 , suse/kiosk/xorg-client:latest Container Release : 69.13 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container suse/kiosk/xorg-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated - container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Sat Dec 20 08:23:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Dec 2025 09:23:44 +0100 (CET) Subject: SUSE-CU-2025:9322-1: Security update of suse/kiosk/xorg Message-ID: <20251220082344.C72D2FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9322-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-72.3 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 72.3 Severity : important Type : security References : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4494-1 Released: Fri Dec 19 14:14:12 2025 Summary: Security update for libpng16 Type: security Severity: important References: 1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) The following package changes have been done: - libpng16-16-1.6.40-150600.3.3.1 updated From sle-container-updates at lists.suse.com Tue Dec 23 08:05:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Dec 2025 09:05:40 +0100 (CET) Subject: SUSE-IU-2025:4009-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20251223080540.5C29AFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:4009-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.230 , suse/sle-micro/base-5.5:latest Image Release : 5.8.230 Severity : important Type : security References : 1233640 1249806 1251786 1252033 1252267 1252780 1252862 1253367 1253431 1253436 1254297 1254662 1254878 CVE-2022-50280 CVE-2023-53676 CVE-2024-53093 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 CVE-2025-40040 CVE-2025-40048 CVE-2025-40121 CVE-2025-40154 CVE-2025-40204 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4506-1 Released: Mon Dec 22 17:38:35 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1233640,1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2024-53093,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). - CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: - Fix type signess in fbcon_set_font() (bsc#1252033). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). The following package changes have been done: - kernel-default-5.14.21-150500.55.130.3 updated - libglib-2_0-0-2.70.5-150400.3.29.1 updated - libgobject-2_0-0-2.70.5-150400.3.29.1 updated - libgmodule-2_0-0-2.70.5-150400.3.29.1 updated - libgio-2_0-0-2.70.5-150400.3.29.1 updated - glib2-tools-2.70.5-150400.3.29.1 updated From sle-container-updates at lists.suse.com Tue Dec 23 08:07:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Dec 2025 09:07:18 +0100 (CET) Subject: SUSE-IU-2025:4010-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20251223080718.15BD6FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:4010-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.441 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.441 Severity : important Type : security References : 1233640 1249806 1251786 1252033 1252267 1252780 1252862 1253367 1253431 1253436 1254297 1254662 1254878 CVE-2022-50280 CVE-2023-53676 CVE-2024-53093 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 CVE-2025-40040 CVE-2025-40048 CVE-2025-40121 CVE-2025-40154 CVE-2025-40204 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4506-1 Released: Mon Dec 22 17:38:35 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1233640,1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2024-53093,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367). - CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: - Fix type signess in fbcon_set_font() (bsc#1252033). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). The following package changes have been done: - kernel-default-base-5.14.21-150500.55.130.3.150500.6.63.3 updated - libglib-2_0-0-2.70.5-150400.3.29.1 updated - libgobject-2_0-0-2.70.5-150400.3.29.1 updated - libgmodule-2_0-0-2.70.5-150400.3.29.1 updated - libgio-2_0-0-2.70.5-150400.3.29.1 updated - glib2-tools-2.70.5-150400.3.29.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.230 updated From sle-container-updates at lists.suse.com Tue Dec 23 08:30:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Dec 2025 09:30:53 +0100 (CET) Subject: SUSE-CU-2025:9649-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20251223083053.6E65CFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9649-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.16.2 , suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.4 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.73.4 Severity : important Type : security References : 1254297 1254662 1254878 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.29.1 updated - libgmodule-2_0-0-2.70.5-150400.3.29.1 updated - libgobject-2_0-0-2.70.5-150400.3.29.1 updated - libgio-2_0-0-2.70.5-150400.3.29.1 updated - glib2-tools-2.70.5-150400.3.29.1 updated - container:sles15-ltss-image-15.4.0-5.4 updated From sle-container-updates at lists.suse.com Tue Dec 23 08:32:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Dec 2025 09:32:24 +0100 (CET) Subject: SUSE-CU-2025:9650-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20251223083224.6B43FFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9650-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16.2 , suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.4 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.63.4 Severity : important Type : security References : 1249055 1254297 1254662 1254878 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 CVE-2025-7039 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4347-1 Released: Wed Dec 10 14:02:26 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4504-1 Released: Mon Dec 22 17:29:14 2025 Summary: Security update for glib2 Type: security Severity: important References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.29.1 updated - container:sles15-ltss-image-15.4.0-5.4 updated From sle-container-updates at lists.suse.com Wed Dec 24 08:13:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Dec 2025 09:13:59 +0100 (CET) Subject: SUSE-CU-2025:9656-1: Recommended update of suse/389-ds Message-ID: <20251224081359.2E099FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9656-1 Container Tags : suse/389-ds:2.5 , suse/389-ds:2.5.3 , suse/389-ds:2.5.3-66.2 , suse/389-ds:latest Container Release : 66.2 Severity : low Type : recommended References : 1252645 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:4513-1 Released: Tue Dec 23 14:36:56 2025 Summary: Optional update for python3-ldap Type: optional Severity: low References: 1252645 This update for python3-ldap fixes the following issue: - ship package in correct versions to match the quarterly refresh. The following package changes have been done: - python3-ldap-3.4.0-150400.8.1 updated From sle-container-updates at lists.suse.com Wed Dec 24 08:14:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Dec 2025 09:14:24 +0100 (CET) Subject: SUSE-CU-2025:9657-1: Security update of bci/bci-base-fips Message-ID: <20251224081424.CD73AFB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9657-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-14.1 , bci/bci-base-fips:latest Container Release : 14.1 Severity : important Type : security References : 1029961 1110700 1113013 1115640 1156913 1164562 1166510 1166510 1174593 1177858 1178727 1180603 1181443 1184358 1185562 1187654 1190052 1191987 1194818 1195391 1196093 1196647 1196647 1197024 1197794 1198165 1198176 1198752 1199467 1200800 1201519 1201680 1204844 1205161 1207778 1210004 1211078 1213240 1214140 1215377 1216862 1217000 1218475 1223596 1227186 1227187 1228770 1230145 1230959 1230972 1231748 1232234 1232234 1232326 1236136 1236599 1240366 1241219 1242060 1243226 1243459 1244509 1246221 1246428 1247144 1247148 1250232 916845 CVE-2013-4235 CVE-2013-4235 CVE-2018-17953 CVE-2021-46828 CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2024-10041 CVE-2024-10041 CVE-2024-12797 CVE-2024-13176 CVE-2024-22365 CVE-2024-37370 CVE-2024-37371 CVE-2025-27587 CVE-2025-27587 CVE-2025-3576 CVE-2025-6018 CVE-2025-6020 CVE-2025-9230 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2569-1 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1110700 This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2018:2825-1 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Type: security Severity: important References: 1115640,CVE-2018-17953 This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:525-1 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1164562 This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:689-1 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:917-1 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1166510 This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3462-1 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Type: recommended Severity: moderate References: 1174593,1177858,1178727 This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3620-1 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2847-1 Released: Mon Jul 17 08:40:42 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1210004 This update for audit fixes the following issues: - Check for AF_UNIX unnamed sockets (bsc#1210004) - Enable livepatching on main library on x86_64 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3410-1 Released: Thu Aug 24 06:56:32 2023 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1201519,1204844 This update for audit fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3611-1 Released: Fri Sep 15 09:28:36 2023 Summary: Recommended update for sysuser-tools Type: recommended Severity: moderate References: 1195391,1205161,1207778,1213240,1214140 This update for sysuser-tools fixes the following issues: - Update to version 3.2 - Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240) - Add 'quilt setup' friendly hint to %sysusers_requires usage - Use append so if a pre file already exists it isn't overridden - Invoke bash for bash scripts (bsc#1195391) - Remove all systemd requires not supported on SLE15 (bsc#1214140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3954-1 Released: Tue Oct 3 20:09:47 2023 Summary: Security update for libeconf Type: security Severity: important References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3896-1 Released: Mon Nov 4 12:08:29 2024 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1230972 This update for shadow fixes the following issues: - Add useradd warnings when requested UID is outside the default range (bsc#1230972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1733-1 Released: Wed May 28 17:59:52 2025 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1242060 This update for krb5 fixes the following issue: - Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2013-1 Released: Wed Jun 18 20:05:07 2025 Summary: Security update for pam Type: security Severity: important References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2042-1 Released: Fri Jun 20 12:38:43 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1236136,1236599,1243459,CVE-2024-12797,CVE-2024-13176,CVE-2025-27587 This update for openssl-3 fixes the following issues: - CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA (bsc#1243459). - CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. (bsc#1236599) - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2236-1 Released: Mon Jul 7 14:58:53 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1240366,CVE-2025-27587 This update for openssl-3 fixes the following issues: - CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 (bsc#1240366). - Backport mdless cms signing support [jsc#PED-12895] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2599-1 Released: Fri Aug 1 17:35:01 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1230959,1231748,1232326,1246428 This update for openssl-3 fixes the following issues: - FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:2874-1 Released: Tue Aug 19 06:07:47 2025 Summary: Recommended update for openssl-3 Type: recommended Severity: important References: 1247144,1247148 This update for openssl-3 fixes the following issues: - Increase limit for CRL download (bsc#1247148, bsc#1247144) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:2970-1 Released: Mon Aug 25 10:27:57 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,1246221,CVE-2024-10041 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3546-1 Released: Sat Oct 11 03:21:33 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1250232,CVE-2025-9230 This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3699-1 Released: Tue Oct 21 12:07:47 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1241219,CVE-2025-3576 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.90 added - libsemanage-conf-3.5-150600.1.48 added - libtirpc-netconfig-1.3.4-150300.3.23.1 added - libcom_err2-1.47.0-150600.4.6.2 added - libcap-ng0-0.7.9-4.37 added - libverto1-0.2.6-3.20 added - fillup-1.42-2.18 added - libzio1-1.06-2.20 added - libkeyutils1-1.6.3-5.6.1 added - libuuid1-2.40.4-150700.2.4 added - libsmartcols1-2.40.4-150700.2.4 added - libeconf0-0.5.2-150400.3.6.1 added - libaudit1-3.0.6-150400.4.16.1 added - libsepol2-3.5-150600.1.49 added - cracklib-2.9.11-150600.1.90 added - libcrack2-2.9.11-150600.1.90 added - libopenssl3-3.2.3-150700.5.21.1 added - libopenssl-3-fips-provider-3.2.3-150700.5.21.1 added - libblkid1-2.40.4-150700.2.4 added - libfdisk1-2.40.4-150700.2.4 added - login_defs-4.8.1-150600.17.9.1 added - krb5-1.20.1-150600.11.14.1 added - info-6.5-4.17 added - libsemanage2-3.5-150600.1.48 added - libmount1-2.40.4-150700.2.4 added - grep-3.11-150700.1.8 added - libtirpc3-1.3.4-150300.3.23.1 added - diffutils-3.6-4.3.1 added - libnsl2-1.2.0-2.44 added - permissions-20240826-150700.14.4 added - pam-1.3.0-150000.6.86.1 added - shadow-4.8.1-150600.17.9.1 added - sysuser-shadow-3.2-150400.3.5.3 added - system-group-hardware-20170617-150400.24.2.1 added - libutempter0-1.1.6-3.42 added - util-linux-2.40.4-150700.2.4 added - crypto-policies-scripts-20230920.570ea89-150600.3.12.1 removed - libopenssl1_1-1.1.1w-150700.11.6.1 removed - libpython3_6m1_0-3.6.15-150300.10.100.1 removed - python3-base-3.6.15-150300.10.100.1 removed From sle-container-updates at lists.suse.com Wed Dec 24 08:14:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Dec 2025 09:14:36 +0100 (CET) Subject: SUSE-CU-2025:9658-1: Security update of suse/registry Message-ID: <20251224081436.D803BFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9658-1 Container Tags : suse/registry:2.8 , suse/registry:2.8 , suse/registry:2.8-20.2 , suse/registry:latest Container Release : 20.2 Severity : important Type : security References : 1254511 1254512 1254514 1254515 CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4518-1 Released: Tue Dec 23 20:07:29 2025 Summary: Security update for apache2 Type: security Severity: important References: 1254511,1254512,1254514,1254515,CVE-2025-55753,CVE-2025-58098,CVE-2025-65082,CVE-2025-66200 This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) - CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512) - CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) The following package changes have been done: - apache2-utils-2.4.62-150700.4.9.1 updated From sle-container-updates at lists.suse.com Wed Dec 24 08:14:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Dec 2025 09:14:46 +0100 (CET) Subject: SUSE-CU-2025:9659-1: Recommended update of suse/kubectl Message-ID: <20251224081446.E65BEFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9659-1 Container Tags : suse/kubectl:1.33 , suse/kubectl:1.33.7 , suse/kubectl:1.33.7-1.67.11 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.67.11 Container Release : 67.11 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4509-1 Released: Tue Dec 23 10:51:42 2025 Summary: Recommended update for kubernetes-old Type: recommended Severity: moderate References: This update for kubernetes-old fixes the following issues: Initial package for Kubernetes v1.33.7 * Full changelog - https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v1337 The following package changes have been done: - kubernetes1.33-client-1.33.7-150600.13.18.1 updated - kubernetes1.33-client-common-1.33.7-150600.13.18.1 updated - container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Wed Dec 24 08:15:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Dec 2025 09:15:09 +0100 (CET) Subject: SUSE-CU-2025:9660-1: Security update of bci/php-apache Message-ID: <20251224081509.79634FB9B@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9660-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.3.23 , bci/php-apache:8.3.23-17.8 , bci/php-apache:latest Container Release : 17.8 Severity : important Type : security References : 1254511 1254512 1254514 1254515 CVE-2025-55753 CVE-2025-58098 CVE-2025-65082 CVE-2025-66200 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4518-1 Released: Tue Dec 23 20:07:29 2025 Summary: Security update for apache2 Type: security Severity: important References: 1254511,1254512,1254514,1254515,CVE-2025-55753,CVE-2025-58098,CVE-2025-65082,CVE-2025-66200 This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) - CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512) - CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) The following package changes have been done: - apache2-prefork-2.4.62-150700.4.9.1 updated - apache2-2.4.62-150700.4.9.1 updated From sle-container-updates at lists.suse.com Fri Dec 26 08:08:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 26 Dec 2025 09:08:40 +0100 (CET) Subject: SUSE-CU-2025:9677-1: Security update of suse/kubectl Message-ID: <20251226080840.DF944FB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9677-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.9 , suse/kubectl:1.31.9-2.68.1 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.68.1 Container Release : 68.1 Severity : important Type : security References : 1156913 1216378 1240414 CVE-2023-45853 CVE-2025-31115 ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2083-1 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Type: recommended Severity: moderate References: 1156913 This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4215-1 Released: Thu Oct 26 12:19:25 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) The following package changes have been done: - libbz2-1-1.0.8-150400.1.122 added - liblzma5-5.4.1-150600.3.3.1 added - libz1-1.2.13-150500.4.3.1 added - libzio1-1.06-2.20 added - info-6.5-4.17 added - diffutils-3.6-4.3.1 added - container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Wed Dec 31 08:04:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Dec 2025 09:04:53 +0100 (CET) Subject: SUSE-IU-2025:4017-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251231080453.1C74FFB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:4017-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.112 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.112 Severity : moderate Type : recommended References : 1255027 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 539 Released: Tue Dec 30 17:26:47 2025 Summary: Recommended update for selinux-policy Type: recommended Severity: moderate References: 1255027 This update for selinux-policy fixes the following issues: - Fix systemd generator.early and generator.late file contexts (bsc#1255027) The following package changes have been done: - selinux-policy-20230523+git32.d521aa73b-2.1 updated - selinux-policy-targeted-20230523+git32.d521aa73b-2.1 updated - container:SL-Micro-base-container-2.1.3-7.79 updated From sle-container-updates at lists.suse.com Wed Dec 31 08:04:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Dec 2025 09:04:54 +0100 (CET) Subject: SUSE-IU-2025:4018-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20251231080454.29715FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:4018-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.113 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.113 Severity : important Type : security References : 1253542 1253993 CVE-2025-47913 CVE-2025-47914 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 543 Released: Tue Dec 30 21:16:23 2025 Summary: Security update for podman Type: security Severity: important References: 1253542,1253993,CVE-2025-47913,CVE-2025-47914 This update for podman fixes the following issues: - CVE-2025-47914: lack of message size validation when SSH Agent server is processing new identity requests can lead to out-of-bounds read and an application panic (bsc#1253993). - CVE-2025-47913: receiving an `SSH_AGENT_SUCCESS` reply when the SSH client is expecting a typed response can lead to the early termination of the client process (bsc#1253542). The following package changes have been done: - podman-4.9.5-10.1 updated From sle-container-updates at lists.suse.com Wed Dec 31 08:06:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Dec 2025 09:06:02 +0100 (CET) Subject: SUSE-IU-2025:4019-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20251231080602.EE3D0FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:4019-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.79 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.79 Severity : important Type : recommended References : 1205588 1247432 1254336 1254679 CVE-2024-2312 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 541 Released: Tue Dec 30 17:20:45 2025 Summary: Recommended update for shim Type: recommended Severity: important References: 1205588,1247432,1254336,1254679,CVE-2024-2312 This update for shim fixes the following issues: This update for shim fixes the following issues: shim is updated to version 16.1: - shim_start_image(): fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory - SbatLevel_Variable.txt: minor typo fix. - Realloc() needs to allocate one more byte for sprintf() - IPv6: Add more check to avoid multiple double colon and illegal char - Loader proto v2 - loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages - Generate Authenticode for the entire PE file - README: mention new loader protocol and interaction with UKIs - shim: change automatically enable MOK_POLICY_REQUIRE_NX - Save var info - add SbatLevel entry 2025051000 for PSA-2025-00012-1 - Coverity fixes 20250804 - fix http boot - Fix double free and leak in the loader protocol shim is updated to version 16.0: - Validate that a supplied vendor cert is not in PEM format - sbat: Add grub.peimage,2 to latest (CVE-2024-2312) - sbat: Also bump latest for grub,4 (and to todays date) - undo change that limits certificate files to a single file - shim: don't set second_stage to the empty string - Fix SBAT.md for today's consensus about numbers - Update Code of Conduct contact address - make-certs: Handle missing OpenSSL installation - Update MokVars.txt - export DEFINES for sub makefile - Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition - Null-terminate 'arguments' in fallback - Fix 'Verifiying' typo in error message - Update Fedora CI targets - Force gcc to produce DWARF4 so that gdb can use it - Minor housekeeping 2024121700 - Discard load-options that start with WINDOWS - Fix the issue that the gBS->LoadImage pointer was empty. - shim: Allow data after the end of device path node in load options - Handle network file not found like disks - Update gnu-efi submodule for EFI_HTTP_ERROR - Increase EFI file alignment - avoid EFIv2 runtime services on Apple x86 machines - Improve shortcut performance when comparing two boolean expressions - Provide better error message when MokManager is not found - tpm: Boot with a warning if the event log is full - MokManager: remove redundant logical constraints - Test import_mok_state() when MokListRT would be bigger than available size - test-mok-mirror: minor bug fix - Fix file system browser hang when enrolling MOK from disk - Ignore a minor clang-tidy nit - Allow fallback to default loader when encountering errors on network boot - test.mk: don't use a temporary random.bin - pe: Enhance debug report for update_mem_attrs - Multiple certificate handling improvements - Generate SbatLevel Metadata from SbatLevel_Variable.txt - Apply EKU check with compile option - Add configuration option to boot an alternative 2nd stage - Loader protocol (with Device Path resolution support) - netboot cleanup for additional files - Document how revocations can be delivered - post-process-pe: add tests to validate NX compliance - regression: CopyMem() in ad8692e copies out of bounds - Save the debug and error logs in mok-variables - Add features for the Host Security ID program - Mirror some more efi variables to mok-variables - This adds DXE Services measurements to HSI and uses them for NX - Add shim's current NX_COMPAT status to HSIStatus - README.tpm: reflect that vendor_db is in fact logged as 'vendor_db' - Reject HTTP message with duplicate Content-Length header fields - Disable log saving - fallback: don't add new boot order entries backwards - README.tpm: Update MokList entry to MokListRT - SBAT Level update for February 2025 GRUB CVEs The following package changes have been done: - shim-16.1-1.1 updated - container:suse-toolbox-image-1.0.0-9.54 updated From sle-container-updates at lists.suse.com Wed Dec 31 08:11:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Dec 2025 09:11:18 +0100 (CET) Subject: SUSE-CU-2025:9684-1: Recommended update of suse/sl-micro/6.0/toolbox Message-ID: <20251231081118.E1DEDFB9C@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9684-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.54 , suse/sl-micro/6.0/toolbox:latest Container Release : 9.54 Severity : important Type : recommended References : 1196933 1206608 1207543 1208928 1232351 1241284 1244003 1244011 1244937 1245667 1246011 1246025 1249657 1250224 1252318 1254425 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 540 Released: Tue Dec 30 17:20:45 2025 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1196933,1206608,1207543,1208928,1232351,1241284,1244003,1244011,1244937,1245667,1246011,1246025,1249657,1250224,1252318,1254425 This update for supportutils fixes the following issues: - Changes to version 3.2.12: * Optimized lsof usage and honors OPTION_OFILES (bsc#1232351) * Run in containers without errors (bsc#1245667) * Removed pmap PID from memory.txt (bsc#1246011) * Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025) * Improved database perforce with kGraft patching (bsc#1249657) * Using last boot for journalctl for optimization (bsc#1250224) * Fixed extraction failures (bsc#1252318) * Update supportconfig.conf path in docs (bsc#1254425) * drm_sub_info: Catch error when dir doesn't exist * Replace remaining `egrep` with `grep -E` * Add process affinity to slert logs * Reintroduce cgroup statistics (and v2) * Minor changes to basic-health-check: improve information level * Collect important machine health counters * powerpc: collect hot-pluggable PCI and PHB slots * podman: collect podman disk usage * Exclude binary files in crondir * kexec/kdump: collect everything under /sys/kernel/kexec dir * Use short-iso for journalctl - Changes to version 3.2.11: * Collect rsyslog frule files (bsc#1244003) * Remove proxy passwords (bsc#1244011) * Missing NetworkManager information (bsc#1241284) * Include agama logs bsc#1244937) * Additional NFS conf files * New fadump sysfs files * Fixed change log dates The following package changes have been done: - supportutils-3.2.12.2-1.1 updated - iproute2-6.3-4.1 removed - libbpf1-1.2.0-4.1 removed - libmnl0-1.0.5-3.1 removed - libxtables12-1.8.9-4.1 removed From sle-container-updates at lists.suse.com Wed Dec 31 08:12:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Dec 2025 09:12:04 +0100 (CET) Subject: SUSE-IU-2025:4023-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20251231081204.8D5D1FB9C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:4023-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.1 , suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.39 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 7.39 Severity : moderate Type : recommended References : 1243388 1254889 CVE-2021-41190 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 359 Released: Tue Dec 30 17:04:26 2025 Summary: Recommended update for selinux-policy Type: recommended Severity: moderate References: 1243388,1254889,CVE-2021-41190 This update for selinux-policy fixes the following issues: - Fix: SELinux is preventing systemd-tmpfile from using the mac_admin capability (bsc#1254889) * Add a new type for systemd-ssh-issue PID files * Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t The following package changes have been done: - selinux-policy-20241031+git15.e32e86fd5-slfo.1.1_1.1 updated - selinux-policy-targeted-20241031+git15.e32e86fd5-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.1-5.60 updated From sle-container-updates at lists.suse.com Wed Dec 31 08:23:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Dec 2025 09:23:26 +0100 (CET) Subject: SUSE-CU-2025:9689-1: Recommended update of suse/samba-client Message-ID: <20251231082326.0799BFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9689-1 Container Tags : suse/samba-client:4.21 , suse/samba-client:4.21 , suse/samba-client:4.21-69.14 , suse/samba-client:latest Container Release : 69.14 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/samba-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4535-1 Released: Tue Dec 30 16:34:28 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: This update for samba fixes the following issues: - Update to 4.21.10 * Crash in ctdbd on failed updateip; (bso#15935). * samba-4.21 fails to join AD when multiple DCs are returned; (bso#15905). * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send; (bso#15919). * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set; (bso#15921). - Update to 4.21.9 The following package changes have been done: - libldb2-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - samba-client-libs-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - samba-client-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated From sle-container-updates at lists.suse.com Wed Dec 31 08:23:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Dec 2025 09:23:46 +0100 (CET) Subject: SUSE-CU-2025:9690-1: Recommended update of suse/samba-server Message-ID: <20251231082346.76A1AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9690-1 Container Tags : suse/samba-server:4.21 , suse/samba-server:4.21 , suse/samba-server:4.21-70.3 , suse/samba-server:latest Container Release : 70.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/samba-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4535-1 Released: Tue Dec 30 16:34:28 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: This update for samba fixes the following issues: - Update to 4.21.10 * Crash in ctdbd on failed updateip; (bso#15935). * samba-4.21 fails to join AD when multiple DCs are returned; (bso#15905). * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send; (bso#15919). * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set; (bso#15921). - Update to 4.21.9 The following package changes have been done: - libldb2-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - samba-client-libs-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - samba-libs-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - samba-client-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - samba-dcerpc-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - samba-4.21.10+git.424.0b233794b52-150700.3.14.10 updated From sle-container-updates at lists.suse.com Wed Dec 31 08:24:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Dec 2025 09:24:05 +0100 (CET) Subject: SUSE-CU-2025:9691-1: Recommended update of suse/samba-toolbox Message-ID: <20251231082405.1A06AFB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/samba-toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9691-1 Container Tags : suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21 , suse/samba-toolbox:4.21-70.2 , suse/samba-toolbox:latest Container Release : 70.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/samba-toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4535-1 Released: Tue Dec 30 16:34:28 2025 Summary: Recommended update for samba Type: recommended Severity: moderate References: This update for samba fixes the following issues: - Update to 4.21.10 * Crash in ctdbd on failed updateip; (bso#15935). * samba-4.21 fails to join AD when multiple DCs are returned; (bso#15905). * vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send; (bso#15919). * CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set; (bso#15921). - Update to 4.21.9 The following package changes have been done: - libldb2-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - samba-client-libs-4.21.10+git.424.0b233794b52-150700.3.14.10 updated - samba-client-4.21.10+git.424.0b233794b52-150700.3.14.10 updated From sle-container-updates at lists.suse.com Mon Dec 15 15:12:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Dec 2025 15:12:10 -0000 Subject: SUSE-CU-2025:9026-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20251215151208.B49B5FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9026-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-53.9 , bci/bci-sle15-kernel-module-devel:latest Container Release : 53.9 Severity : important Type : security References : 1235463 1236743 1237888 1241166 1243474 1245193 1247076 1247500 1247509 1247683 1249547 1249912 1249982 1250034 1250176 1250237 1250252 1250705 1251120 1251786 1252063 1252267 1252269 1252303 1252352 1252353 1252365 1252366 1252368 1252370 1252681 1252763 1252773 1252774 1252780 1252790 1252794 1252795 1252809 1252817 1252821 1252836 1252845 1252862 1252912 1252917 1252923 1252928 1253018 1253176 1253275 1253318 1253324 1253349 1253352 1253355 1253360 1253362 1253363 1253367 1253369 1253393 1253394 1253395 1253403 1253407 1253409 1253412 1253416 1253421 1253423 1253424 1253425 1253427 1253428 1253431 1253436 1253438 1253440 1253441 1253445 1253448 1253449 1253453 1253456 1253472 1253648 1253779 1254181 1254221 1254235 CVE-2022-50253 CVE-2023-53676 CVE-2025-21710 CVE-2025-37916 CVE-2025-38359 CVE-2025-39788 CVE-2025-39805 CVE-2025-39819 CVE-2025-39822 CVE-2025-39859 CVE-2025-39944 CVE-2025-39980 CVE-2025-40001 CVE-2025-40021 CVE-2025-40027 CVE-2025-40030 CVE-2025-40038 CVE-2025-40040 CVE-2025-40047 CVE-2025-40048 CVE-2025-40055 CVE-2025-40059 CVE-2025-40064 CVE-2025-40070 CVE-2025-40074 CVE-2025-40075 CVE-2025-40080 CVE-2025-40083 CVE-2025-40086 CVE-2025-40098 CVE-2025-40105 CVE-2025-40107 CVE-2025-40109 CVE-2025-40110 CVE-2025-40111 CVE-2025-40115 CVE-2025-40116 CVE-2025-40118 CVE-2025-40120 CVE-2025-40121 CVE-2025-40127 CVE-2025-40129 CVE-2025-40139 CVE-2025-40140 CVE-2025-40141 CVE-2025-40149 CVE-2025-40154 CVE-2025-40156 CVE-2025-40157 CVE-2025-40159 CVE-2025-40164 CVE-2025-40168 CVE-2025-40169 CVE-2025-40171 CVE-2025-40172 CVE-2025-40173 CVE-2025-40176 CVE-2025-40180 CVE-2025-40183 CVE-2025-40185 CVE-2025-40186 CVE-2025-40188 CVE-2025-40194 CVE-2025-40198 CVE-2025-40200 CVE-2025-40204 CVE-2025-40205 CVE-2025-40206 CVE-2025-40207 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4393-1 Released: Mon Dec 15 12:08:54 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1235463,1236743,1237888,1241166,1243474,1245193,1247076,1247500,1247509,1247683,1249547,1249912,1249982,1250034,1250176,1250237,1250252,1250705,1251120,1251786,1252063,1252267,1252269,1252303,1252352,1252353,1252365,1252366,1252368,1252370,1252681,1252763,1252773,1252774,1252780,1252790,1252794,1252795,1252809,1252817,1252821,1252836,1252845,1252862,1252912,1252917,1252923,1252928,1253018,1253176,1253275,1253318,1253324,1253349,1253352,1253355,1253360,1253362,1253363,1253367,1253369,1253393,1253394,1253395,1253403,1253407,1253409,1253412,1253416,1253421,1253423,1253424,1253425,1253427,1253428,1253431,1253436,1253438,1253440,1253441,1253445,1253448,1253449,1253453,1253456,1253472,1253648,1253779,1254181,1254221,1254235,CVE-2022-50253,CVE-2023-53676,CVE-2025-21710,CVE-2025-37916,CVE-2025-38359,CVE-2025-39788,CVE-2025-39805,CVE-2025-39819,CVE-2025-39822,CVE-2025-39859,CVE-2025-39944,CVE-2025-39980,CVE-2025-40001,CVE-2025-40021,CVE-2025-40027,CVE-2025-40030,CVE-2025-40038,CV E-2025-40040,CVE-2025-40047,CVE-2025-40048,CVE-2025-40055,CVE-2025-40059,CVE-2025-40064,CVE-2025-40070,CVE-2025-40074,CVE-2025-40075,CVE-2025-40080,CVE-2025-40083,CVE-2025-40086,CVE-2025-40098,CVE-2025-40105,CVE-2025-40107,CVE-2025-40109,CVE-2025-40110,CVE-2025-40111,CVE-2025-40115,CVE-2025-40116,CVE-2025-40118,CVE-2025-40120,CVE-2025-40121,CVE-2025-40127,CVE-2025-40129,CVE-2025-40139,CVE-2025-40140,CVE-2025-40141,CVE-2025-40149,CVE-2025-40154,CVE-2025-40156,CVE-2025-40157,CVE-2025-40159,CVE-2025-40164,CVE-2025-40168,CVE-2025-40169,CVE-2025-40171,CVE-2025-40172,CVE-2025-40173,CVE-2025-40176,CVE-2025-40180,CVE-2025-40183,CVE-2025-40185,CVE-2025-40186,CVE-2025-40188,CVE-2025-40194,CVE-2025-40198,CVE-2025-40200,CVE-2025-40204,CVE-2025-40205,CVE-2025-40206,CVE-2025-40207 The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39822: io_uring/kbuf: fix signedness in this_len calculation (bsc#1250034). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40047: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (bsc#1252790). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40086: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds (bsc#1252923). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40185: ice: ice_adapter: release xa entry on adapter allocation failure (bsc#1253394). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non security issues were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tas2781: fix getting the wrong device number (git-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (git-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: s390: improve interrupt cpu for wakeup (bsc#1235463). - KVM: s390: kABI backport for 'last_sleep_cpu' (bsc#1252352). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - KVM: x86: Have all vendor neutral sub-configs depend on KVM_X86, not just KVM (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes). - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes). - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes). - RDMA/irdma: Fix SD index calculation (git-fixes). - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes). - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - acpi/hmat: Fix lockdep warning for hmem_register_resource() (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() (git-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - bpf: Fix test verif_scale_strobemeta_subprogs failure due to llvm19 (bsc#1252368). - bpf: improve error message for unsupported helper (bsc#1252370). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166). - cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/amdgpu: Release xcp drm memory after unplug (stable-fixes). - drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Add fallback path for YCBCR422 (stable-fixes). - drm/amd/display: Allow VRR params change if unsynced with the stream (git-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Enable mst when it's detected but yet to be initialized (git-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Fix for test crash due to power gating (stable-fixes). - drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (stable-fixes). - drm/amd/display: Fix pbn_div Calculation Error (stable-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting (stable-fixes). - drm/amd/display: Init dispclk from bootup clock for DCN314 (stable-fixes). - drm/amd/display: Move setup_stream_attribute (stable-fixes). - drm/amd/display: Reject modes with too high pixel clock on DCE6-10 (git-fixes). - drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off (stable-fixes). - drm/amd/display: Set up pixel encoding for YCBCR422 (stable-fixes). - drm/amd/display: Support HW cursor 180 rot for any number of pipe splits (stable-fixes). - drm/amd/display: Wait until OTG enable state is cleared (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: change dc stream color settings only in atomic commit (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: fix condition for setting timing_adjust_pending (stable-fixes). - drm/amd/display: fix dml ms order of operations (stable-fixes). - drm/amd/display: incorrect conditions for failing dto calculations (stable-fixes). - drm/amd/display: update color on atomic commit time (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Check that VPE has reached DPM0 in idle handler (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu/smu: Handle S0ix for vangogh (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Check vcn sram load return value (stable-fixes). - drm/amdgpu: Correct the counts of nr_banks and nr_errors (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Fix function header names in amdgpu_connectors.c (git-fixes). - drm/amdgpu: Fix unintended error log in VCN5_0_0 (git-fixes). - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) (stable-fixes). - drm/amdgpu: Skip poison aca bank from UE channel (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add range check for RAS bad page address (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces (stable-fixes). - drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: fix nullptr err of vm_handle_moved (stable-fixes). - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdgpu: remove two invalid BUG_ON()s (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: relax checks for over allocation of save area (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/ast: Blank with VGACR17 sync enable, always clear VGACRB6 sync off (git-fixes). - drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-fixes). - drm/exynos: exynos7_drm_decon: remove ctx->suspended (git-fixes). - drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/mediatek: Add pm_runtime support for GCE power control (git-fixes). - drm/mediatek: Disable AFBC support on Mediatek DRM driver (git-fixes). - drm/msm/a6xx: Fix PDC sleep sequence (git-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm/registers: Generate _HI/LO builders for reg64 (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/panthor: Serialize GPU cache flush operations (stable-fixes). - drm/panthor: check bo offset alignment in vm bind (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/sched: Optimise drm_sched_entity_push_job (stable-fixes). - drm/sched: avoid killing parent entity on child SIGKILL (stable-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - drm/xe/guc: Add more GuC load error status codes (stable-fixes). - drm/xe/guc: Increase GuC crash dump buffer size (stable-fixes). - drm/xe/guc: Return an error code if the GuC load fails (stable-fixes). - drm/xe/guc: Set upper limit of H2G retries over CTB (stable-fixes). - drm/xe/guc: Synchronize Dead CT worker with unbind (git-fixes). - drm/xe: Do clean shutdown also when using flr (git-fixes). - drm/xe: Do not wake device during a GT reset (git-fixes). - drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test (stable-fixes). - drm/xe: Move declarations under conditional branch (stable-fixes). - drm/xe: Remove duplicate DRM_EXEC selection from Kconfig (git-fixes). - drm: panel-backlight-quirks: Make EDID match optional (stable-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - hyperv: Remove the spurious null directive line (git-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - ixgbe: fix memory leak and use-after-free in ixgbe_recovery_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - media: videobuf2: forbid remove_bufs when legacy fileio is active (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - nvme-auth: add hkdf_expand_label() (bsc#1247683). - nvme-auth: use hkdf_expand_label() (bsc#1247683). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Check for timeout in perf_link test (bsc#1253648). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Remove sockmap_ktls disconnect_after_delete test (bsc#1252365). - selftests/bpf: Remove tests for zeroed-array kptr (bsc#1252366). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - selftests/net/forwarding: add slowwait functions (bsc#1254235). - selftests/net/lib: no need to record ns name if it already exist (bsc#1254235). - selftests/net/lib: update busywait timeout value (bsc#1254235). - selftests/net: add lib.sh (bsc#1254235). - selftests/net: add variable NS_LIST for lib.sh (bsc#1254235). - selftests/net: use tc rule to filter the na packet (bsc#1254235). - selftests/run_kselftest.sh: Add `--skip` argument option (bsc#1254221). - selftests: forwarding.config.sample: Move overrides to lib.sh (bsc#1254235). - selftests: forwarding: Add a test for testing lib.sh functionality (bsc#1254235). - selftests: forwarding: Avoid failures to source net/lib.sh (bsc#1254235). - selftests: forwarding: Change inappropriate log_test_skip() calls (bsc#1254235). - selftests: forwarding: Convert log_test() to recognize RET values (bsc#1254235). - selftests: forwarding: Have RET track kselftest framework constants (bsc#1254235). - selftests: forwarding: Parametrize mausezahn delay (bsc#1254235). - selftests: forwarding: Redefine relative_path variable (bsc#1254235). - selftests: forwarding: Remove duplicated lib.sh content (bsc#1254235). - selftests: forwarding: Support for performance sensitive tests (bsc#1254235). - selftests: lib: Define more kselftest exit codes (bsc#1254235). - selftests: lib: tc_rule_stats_get(): Move default to argument definition (bsc#1254235). - selftests: net: List helper scripts in TEST_FILES Makefile variable (bsc#1254235). - selftests: net: Unify code of busywait() and slowwait() (bsc#1254235). - selftests: net: add helper for checking if nettest is available (bsc#1254235). - selftests: net: lib: Do not overwrite error messages (bsc#1254235). - selftests: net: lib: Move logging from forwarding/lib.sh here (bsc#1254235). - selftests: net: lib: avoid error removing empty netns name (bsc#1254235). - selftests: net: lib: do not set ns var as readonly (bsc#1254235). - selftests: net: lib: fix shift count out of range (bsc#1254235). - selftests: net: lib: ignore possible errors (bsc#1254235). - selftests: net: lib: kill PIDs before del netns (bsc#1254235). - selftests: net: lib: remove 'ns' var in setup_ns (bsc#1254235). - selftests: net: lib: remove ns from list after clean-up (bsc#1254235). - selftests: net: lib: set 'i' as local (bsc#1254235). - selftests: net: lib: support errexit with busywait (bsc#1254235). - selftests: net: libs: Change variable fallback syntax (bsc#1254235). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Don't use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/hv: fcopy: Fix incorrect file path conversion (git-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: don't preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: Add quirk entries for Thinkpad T14s Gen3 AMD (bsc#1254181). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list (stable-fixes). - wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: Track NAN interface start/stop (stable-fixes). - wifi: mac80211: don't mark keys for inactive links as uploaded (stable-fixes). - wifi: mac80211: fix key tailroom accounting leak (git-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: rtw89: print just once for unknown C2H events (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xe/oa: Fix query mode of operation for OAR/OAC (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). The following package changes have been done: - kernel-macros-6.4.0-150700.53.25.1 updated - kernel-devel-6.4.0-150700.53.25.1 updated - kernel-default-devel-6.4.0-150700.53.25.1 updated - kernel-syms-6.4.0-150700.53.25.1 updated From sle-container-updates at lists.suse.com Fri Dec 19 08:27:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Dec 2025 08:27:59 -0000 Subject: SUSE-CU-2025:9182-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20251219082758.25101FB9B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:9182-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.6 , suse/manager/5.0/x86_64/server:5.0.6.7.36.2 , suse/manager/5.0/x86_64/server:latest Container Release : 7.36.2 Severity : critical Type : security References : 1040589 1211373 1213308 1217755 1222128 1224386 1225740 1227577 1227579 1229750 1229825 1229977 1230876 1231055 1232526 1233496 1233529 1233655 1235567 1235847 1236632 1236744 1236976 1236977 1236978 1236999 1237000 1237001 1237003 1237005 1237018 1237019 1237020 1237021 1237042 1237236 1237240 1237241 1237242 1237536 1238481 1238491 1239158 1239566 1239636 1239938 1240225 1240565 1240788 1240870 1241013 1241132 1241307 1241916 1243087 1243183 1243381 1243679 1243756 1243760 1243768 1243794 1243808 1243876 1243991 1243994 1244027 1244050 1244065 1244125 1244219 1244290 1244298 1244329 1244338 1244400 1244427 1244430 1244519 1244542 1244552 1244641 1244648 1244724 1244822 1245027 1245190 1245199 1245240 1245241 1245307 1245398 1245405 1245528 1245953 1245987 1246035 1246421 1246422 1246436 1246452 1246481 1246486 1246586 1246638 1246659 1246663 1246806 1246883 1246957 1246981 1247084 1247105 1247111 1247114 1247117 1247214 1247269 1247305 1247322 1247407 1247481 1247498 1247544 1247822 1247951 1247983 1247985 1247990 1248247 1248292 1248403 1248409 1248411 1248448 1248467 1248501 1248661 1248741 1248799 1248804 1249055 1249089 1249148 1249359 1249384 1249502 1250239 1250318 1250342 1250399 1250423 1250427 1250451 1250553 1250593 1250632 1250754 1251117 1251198 1251199 1251275 1251276 1251277 1251305 1251794 1251795 1251796 1251827 1251864 1251979 1252023 1252097 1252148 1252160 1252250 1252269 1252378 1252379 1252380 1252414 1252417 1252425 1252680 1252723 1252753 1252756 1252905 1252930 1252931 1252932 1252933 1252934 1252935 1252974 1253043 1253332 1253332 1253333 1253333 1253460 1253741 1253757 1254132 510058 CVE-2025-0840 CVE-2025-10911 CVE-2025-11083 CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148 CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151 CVE-2025-1152 CVE-2025-1153 CVE-2025-11561 CVE-2025-11563 CVE-2025-11731 CVE-2025-1176 CVE-2025-1178 CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-12817 CVE-2025-12817 CVE-2025-12818 CVE-2025-12818 CVE-2025-1352 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-3198 CVE-2025-40778 CVE-2025-40780 CVE-2025-5244 CVE-2025-5245 CVE-2025-53057 CVE-2025-53066 CVE-2025-54770 CVE-2025-54771 CVE-2025-55752 CVE-2025-55754 CVE-2025-59419 CVE-2025-59432 CVE-2025-6075 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 CVE-2025-61795 CVE-2025-61984 CVE-2025-61985 CVE-2025-7039 CVE-2025-7545 CVE-2025-7546 CVE-2025-8224 CVE-2025-8225 CVE-2025-8291 CVE-2025-8677 CVE-2025-9820 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1938-1 Released: Fri Jun 13 06:01:27 2025 Summary: Recommended update for apache-commons-text Type: recommended Severity: moderate References: This update for apache-commons-text fixes the following issues: - Deliver apache-commons-text to openSUSE Leap 15.6 from SLES (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3836-1 Released: Tue Oct 28 11:38:00 2025 Summary: Recommended update for bash Type: recommended Severity: important References: 1245199 This update for bash fixes the following issues: - Fix histfile missing timestamp for the oldest record (bsc#1245199) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3847-1 Released: Wed Oct 29 06:06:00 2025 Summary: Recommended update for python-kiwi Type: recommended Severity: critical References: 1243381,1245190,1250754 This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues: python-kiwi: - Switch to Python 3.11 based python-kiwi (jsc#PED-13168) - Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754) - Fixed get_partition_node_name (bsc#1245190) - Added new eficsm type attribute (bsc#1243381) - Included support for older schemas - New binary packages: * kiwi-bash-completion * kiwi-systemdeps-containers-wsl appx-util: - Implementation as dependency required by kiwi-systemdeps-containers-wsl python-docopt, python-xmltodict, libsolv: - Implementation of Python 3.11 flavours required by python311-kiwi (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3851-1 Released: Wed Oct 29 15:04:32 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1229750,1250593 This update for vim fixes the following issues: - Fix regression in vim: xxd -a shows no output (bsc#1250593). Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless). - Fix vim compatible mode is not switched off earlier (bsc#1229750). Nocompatible must be set before the syntax highlighting is turned on. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3875-1 Released: Thu Oct 30 16:26:57 2025 Summary: Security update for libxslt Type: security Severity: important References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3877-1 Released: Fri Oct 31 05:29:41 2025 Summary: Recommended update for libselinux Type: recommended Severity: important References: 1252160 This update for libselinux fixes the following issues: - Ship license file (bsc#1252160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3930-1 Released: Tue Nov 4 09:26:22 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050 This update for gcc15 fixes the following issues: This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 14 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc15 compilers use: - install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages. - override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages. For a full changelog with all new GCC15 features, check out https://gcc.gnu.org/gcc-15/changes.html Update to GCC 15.2 release: * the GCC 15.2 release contains regression fixes accumulated since the GCC 15.1 release - Prune the use of update-alternatives from openSUSE Factory and SLFO. - Adjust crosses to conflict consistently where they did not already and make them use unsuffixed binaries. - Tune for power10 for SLES 16. [jsc#PED-12029] - Tune for z15 for SLES 16. [jsc#PED-253] - Fix PR120827, ICE due to splitter emitting constant loads directly - Exclude shared objects present for link editing in the GCC specific subdirectory from provides processing via __provides_exclude_from. [bsc#1244050][bsc#1243991] - Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap variant conflict with the unversioned cross-*-gcc package. - Enable C++ for offload compilers. [bsc#1243794] - Add libgcobol and libquadmath-devel dependence to the cobol frontend package. Update to GCC 15 branch head, 15.1.1+git9595 * includes GCC 15.1 release - Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs for the AMD GCN offload compiler when llvm is new enough. - Make sure link editing is done against our own shared library copy rather than the installed system runtime. [bsc#1240788] - Fix newlib libm miscompilation for GCN offloading. Update to GCC trunk head, 15.0.1+git9001 * includes -msplit-patch-nops required for user-space livepatching on powerpc * includes fix for Ada build with --enable-host-pie - Build GCC executables PIE on SLE. [bsc#1239938] - Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566] - Package GCC COBOL compiler for openSUSE Factory for supported targets which are x86_64, aarch64 and ppc64le. - Disable profiling during build when %want_reproducible_builds is set [bsc#1238491] - Includes fix for emacs JIT use - Bumps libgo SONAME to libgo24 which should fix go1.9 build - Adjust cross compiler requirements to use %requires_ge - For cross compilers require the same or newer binutils, newlib or cross-glibc that was used at build time. [bsc#1232526] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3934-1 Released: Tue Nov 4 12:23:11 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1247498 This update for cyrus-sasl fixes the following issue: - Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3969-1 Released: Thu Nov 6 12:08:20 2025 Summary: Recommended update for SLES-release Type: recommended Severity: low References: This update for SLES-release provides the following fix: - Adjust the EOL date for the product. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:3982-1 Released: Thu Nov 6 19:21:10 2025 Summary: Recommended update for lcms2 Type: recommended Severity: moderate References: 1247985 This update for lcms2 fixes the following issue: - Enable threads support and avoid linker errors (bsc#1247985). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:3997-1 Released: Fri Nov 7 16:50:17 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1246806,1252414,1252417,CVE-2025-53057,CVE-2025-53066 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4054-1 Released: Tue Nov 11 15:04:28 2025 Summary: Security update for ongres-scram Type: security Severity: moderate References: 1250399,CVE-2025-59432 This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4067-1 Released: Wed Nov 12 09:03:26 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1251198,1251199,CVE-2025-61984,CVE-2025-61985 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4087-1 Released: Wed Nov 12 20:35:10 2025 Summary: Security update for netty, netty-tcnative Type: security Severity: moderate References: 1252097,CVE-2025-59419 This update for netty, netty-tcnative fixes the following issues: - CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery (bsc#1252097) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4096-1 Released: Fri Nov 14 09:07:37 2025 Summary: Security update for binutils Type: security Severity: important References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base= option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4110-1 Released: Fri Nov 14 16:56:18 2025 Summary: Security update for bind Type: security Severity: important References: 1252378,1252379,1252380,CVE-2025-40778,CVE-2025-40780,CVE-2025-8677 This update for bind fixes the following issues: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4118-1 Released: Mon Nov 17 09:06:55 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: 1252148 This update for freetype2 fixes the following issues: - Fix the %licence tag (bsc#1252148) * package FTL.TXT and GPLv2.TXT as %license ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4120-1 Released: Mon Nov 17 10:45:27 2025 Summary: Recommended update for SLES-release, sle-module-python3-release Type: recommended Severity: moderate References: This update for SLES-release, sle-module-python3-release fixes the following issue: - SLES-release: Clear codestream EOL info for better readability. - sle-module-python3-release: Clear EOL as this follow the product EOL. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4138-1 Released: Wed Nov 19 11:15:12 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1224386,1248501 This update for systemd fixes the following issues: - systemd.spec: use %sysusers_generate_pre so that some systemd users are already available in %pre. This is important because D-Bus automatically reloads its configuration whenever new configuration files are installed, i.e. between %pre and %post. (bsc#1248501) No needs for systemd and udev packages as they are always installed during the initial installation. - Split systemd-network into two new sub-packages: systemd-networkd and systemd-resolved (bsc#1224386 jsc#PED-12669) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4155-1 Released: Fri Nov 21 15:09:44 2025 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1233529 This update for cyrus-sasl fixes the following issues: - Python3 error log upon importing pycurl (bsc#1233529) * Remove senceless log message. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4159-1 Released: Fri Nov 21 15:31:48 2025 Summary: Security update for tomcat Type: security Severity: important References: 1252753,1252756,1252905,CVE-2025-55752,CVE-2025-55754,CVE-2025-61795 This update for tomcat fixes the following issues: Update to Tomcat 9.0.111: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753) - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905) - CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4179-1 Released: Mon Nov 24 08:27:54 2025 Summary: Recommended update for mozilla-nspr Type: recommended Severity: moderate References: This update for mozilla-nspr fixes the following issues: - update to NSPR 4.36.2 * Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1 - update to NSPR 4.36.1 * Incorrect time value produced by PR_ParseTimeString and PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4092-1 Released: Mon Nov 24 10:08:22 2025 Summary: Security update for elfutils Type: security Severity: moderate References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4196-1 Released: Mon Nov 24 11:54:23 2025 Summary: Security update for grub2 Type: security Severity: moderate References: 1236744,1241132,1245953,1252269,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664 This update for grub2 fixes the following issues: - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) Other fixes: - Bump upstream SBAT generation to 6 - Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) - Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132) - Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744, bsc#1252269) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4236-1 Released: Tue Nov 25 17:02:19 2025 Summary: Security update for curl Type: security Severity: moderate References: 1253757,CVE-2025-11563 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4247-1 Released: Wed Nov 26 09:56:54 2025 Summary: Security update for sssd Type: security Severity: important References: 1251827,CVE-2025-11561 This update for sssd fixes the following issues: - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4293-1 Released: Fri Nov 28 10:10:49 2025 Summary: Recommended update for gpgme Type: recommended Severity: important References: 1231055,1252425 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4303-1 Released: Fri Nov 28 14:11:38 2025 Summary: Recommended update for kmod Type: recommended Severity: important References: 1253741 This update for kmod fixes the following issues: - Fix modprobe.d confusion on man page (bsc#1253741): * document the config file order handling ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4304-1 Released: Fri Nov 28 14:14:06 2025 Summary: Recommended update for tomcat Type: recommended Severity: important References: 1253460 This update for tomcat fixes the following issues: - make catalina.sh %config(noreplace) (bsc#1253460) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4308-1 Released: Fri Nov 28 16:38:46 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1249055,CVE-2025-7039 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4323-1 Released: Mon Dec 8 19:14:15 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1254132,CVE-2025-9820 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4350-1 Released: Wed Dec 10 14:52:26 2025 Summary: Recommended update for libX11 Type: recommended Severity: important References: 1252250 This update for libX11 fixes the following issues: - Fix: Barcode scanner input gets jumbled when ibus is running and an application written in certain frameworks has focus (bsc#1252250) * imDefLkup: commit first info in XimCommitInfo * ximcp: Unmark to fabricate key events with XKeyEvent serial ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4359-1 Released: Thu Dec 11 04:06:53 2025 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1249359 This update for apache2 fixes the following issues: - Fixed binary path for Apache's MPM that was partially duplicated when it can't be invoked/found (bsc#1249359) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4362-1 Released: Thu Dec 11 11:08:27 2025 Summary: Recommended update for gcc15 Type: recommended Severity: moderate References: 1253043 This update for gcc15 fixes the following issues: - Enable the use of _dl_find_object even when not available at build time. [bsc#1253043] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4363-1 Released: Thu Dec 11 11:10:57 2025 Summary: Security update for postgresql17, postgresql18 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4368-1 Released: Thu Dec 11 16:12:16 2025 Summary: Security update for python3 Type: security Severity: low References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4378-1 Released: Fri Dec 12 10:37:36 2025 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1233655,510058 This update for lvm2 fixes the following issues: - Maintenance update attempt seems to be stuck at mkinitrd (bsc#510058). - Fix for 'systemctl start lvmlockd.service' time out (bsc#1233655). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:4388-1 Released: Fri Dec 12 14:36:27 2025 Summary: Security update for postgresql16 Type: security Severity: important References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818 This update for postgresql16 fixes the following issues: Upgraded to 16.11: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:4401-1 Released: Mon Dec 15 14:35:37 2025 Summary: Recommended update for sles-release Type: recommended Severity: moderate References: This update for sles-release fixes the following issue: - Add corrected EOL value for the codestream reflecting whats on https://www.suse.com/lifecycle/ - this also fixes issues reported by some parsing tools, related to ISO_8601 data format. ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2025-4456 Released: Thu Dec 18 12:55:55 2025 Summary: Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1211373,1213308,1217755,1222128,1225740,1227577,1227579,1229825,1229977,1230876,1233496,1235567,1235847,1237536,1238481,1239158,1239636,1240225,1240565,1241013,1241307,1243087,1243183,1243679,1243768,1243808,1243876,1243994,1244027,1244065,1244125,1244219,1244290,1244298,1244329,1244338,1244400,1244427,1244430,1244519,1244542,1244552,1244641,1244648,1244724,1244822,1245027,1245240,1245241,1245307,1245398,1245405,1245528,1245987,1246035,1246421,1246422,1246436,1246452,1246586,1246638,1246659,1246663,1246883,1246957,1246981,1247084,1247111,1247214,1247269,1247305,1247322,1247407,1247481,1247544,1247822,1247951,1247983,1247990,1248247,1248292,1248403,1248409,1248411,1248448,1248467,1248661,1248741,1248799,1248804,1249089,1249148,1249384,1249502,1250239,1250318,1250342,1250423,1250427,1250451,1251117,1251796,1251864,1252023,1252680,1252723 Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server This is a codestream only update The following package changes have been done: - branch-network-formula-1.0.0-150600.3.6.1 updated - libelf1-0.185-150400.5.8.3 updated - libdw1-0.185-150400.5.8.3 updated - libsasl2-3-2.1.28-150600.7.14.1 updated - bind-formula-1.0.0-150600.3.3.1 updated - libselinux1-3.5-150600.3.3.1 updated - libudev1-254.27-150600.4.46.2 updated - libX11-data-1.8.7-150600.3.6.1 updated - libreadline7-7.0-150400.27.6.1 updated - bash-4.4-150400.27.6.1 updated - bash-sh-4.4-150400.27.6.1 updated - libgcc_s1-15.2.0+git10201-150000.1.6.1 updated - libglib-2_0-0-2.78.6-150600.4.22.1 updated - libgpgme11-1.23.0-150600.3.5.1 updated - dhcpd-formula-1.0.0-150600.3.3.1 updated - libcurl4-8.14.1-150600.4.31.1 updated - libkmod2-29-150600.13.3.1 updated - libsolv-tools-base-0.7.34-150600.8.19.2 updated - libdevmapper1_03-2.03.22_1.02.196-150600.3.9.3 updated - liberate-formula-0.1.1-150600.3.3.1 updated - libstdc++6-15.2.0+git10201-150000.1.6.1 updated - libsystemd0-254.27-150600.4.46.2 updated - systemd-254.27-150600.4.46.2 updated - libatomic1-15.2.0+git10201-150000.1.6.1 updated - sles-release-15.6-150600.64.12.1 updated - curl-8.14.1-150600.4.31.1 updated - libctf-nobfd0-2.45-150100.7.57.1 updated - libgmodule-2_0-0-2.78.6-150600.4.22.1 updated - libgobject-2_0-0-2.78.6-150600.4.22.1 updated - libgomp1-15.2.0+git10201-150000.1.6.1 updated - libipa_hbac0-2.9.3-150600.3.28.1 updated - libitm1-15.2.0+git10201-150000.1.6.1 updated - liblcms2-2-2.15-150600.3.3.2 updated - liblsan0-15.2.0+git10201-150000.1.6.1 updated - libpq5-18.1-150600.13.3.1 updated - libquadmath0-15.2.0+git10201-150000.1.6.1 updated - libsolv-tools-0.7.34-150600.8.19.2 updated - libsss_idmap0-2.9.3-150600.3.28.1 updated - libsss_nss_idmap0-2.9.3-150600.3.28.1 updated - libxslt1-1.1.34-150400.3.13.1 updated - mozilla-nspr-4.36.2-150000.3.36.1 updated - openssh-common-9.6p1-150600.6.34.1 updated - prometheus-formula-0.9.0-150600.3.3.1 updated - release-notes-susemanager-5.0.6-150600.11.45.1 updated - selinux-tools-3.5-150600.3.3.1 updated - susemanager-schema-utility-5.0.17-150600.3.20.2 updated - uyuni-config-modules-5.0.20-150600.3.27.1 updated - vim-data-common-9.1.1629-150500.20.38.1 updated - libctf0-2.45-150100.7.57.1 updated - binutils-2.45-150100.7.57.1 updated - cyrus-sasl-2.1.28-150600.7.14.1 updated - libpython3_6m1_0-3.6.15-150300.10.100.1 updated - python3-base-3.6.15-150300.10.100.1 updated - python3-3.6.15-150300.10.100.1 updated - python3-curses-3.6.15-150300.10.100.1 updated - libfreetype6-2.10.4-150000.4.25.1 updated - postgresql-18-150600.17.9.1 updated - postgresql16-16.11-150600.16.25.1 updated - libsss_certmap0-2.9.3-150600.3.28.1 updated - bind-utils-9.18.33-150600.3.18.1 updated - libxslt-tools-1.1.34-150400.3.13.1 updated - openssh-fips-9.6p1-150600.6.34.1 updated - susemanager-docs_en-5.0.6-150600.11.18.1 updated - libgio-2_0-0-2.78.6-150600.4.22.1 updated - glib2-tools-2.78.6-150600.4.22.1 updated - spacewalk-java-lib-5.0.30-150600.3.41.4 updated - uyuni-base-common-5.0.3-150600.2.3.1 updated - libX11-6-1.8.7-150600.3.6.1 updated - vim-9.1.1629-150500.20.38.1 updated - apache2-prefork-2.4.58-150600.5.38.1 updated - cyrus-sasl-gssapi-2.1.28-150600.7.14.1 updated - cyrus-sasl-digestmd5-2.1.28-150600.7.14.1 updated - openssh-server-9.6p1-150600.6.34.1 updated - openssh-clients-9.6p1-150600.6.34.1 updated - libgnutls30-3.8.3-150600.4.12.1 updated - zchunk-1.1.16-150600.9.3 added - python3-susemanager-retail-1.2.0-150600.3.6.1 updated - python3-solv-0.7.34-150600.8.19.2 updated - prometheus-exporters-formula-1.4.2-150600.3.3.1 updated - postgresql-server-18-150600.17.9.1 updated - postgresql16-server-16.11-150600.16.25.1 updated - susemanager-docs_en-pdf-5.0.6-150600.11.18.1 updated - susemanager-schema-5.0.17-150600.3.20.2 updated - perl-Satcon-5.0.2-150600.3.3.1 updated - susemanager-sync-data-5.0.14-150600.3.25.1 updated - apache2-2.4.58-150600.5.38.1 updated - openssh-9.6p1-150600.6.34.1 updated - grub2-2.12-150600.8.44.2 updated - grub2-i386-pc-2.12-150600.8.44.2 updated - susemanager-retail-tools-1.2.0-150600.3.6.1 updated - virtual-host-gatherer-1.0.29-150600.8.3.1 updated - python3-pyasn1-modules-0.2.1-150000.3.7.1 added - postgresql16-contrib-16.11-150600.16.25.1 updated - postgresql-contrib-18-150600.17.9.1 updated - sssd-ldap-2.9.3-150600.3.28.1 updated - sssd-2.9.3-150600.3.28.1 updated - sssd-krb5-common-2.9.3-150600.3.28.1 updated - java-17-openjdk-headless-17.0.17.0-150400.3.60.2 updated - grub2-x86_64-efi-2.12-150600.8.44.2 updated - grub2-powerpc-ieee1275-2.12-150600.8.44.2 updated - grub2-arm64-efi-2.12-150600.8.44.2 updated - inter-server-sync-0.3.9-150600.3.9.2 updated - spacecmd-5.0.14-150600.4.18.1 updated - virtual-host-gatherer-Nutanix-1.0.29-150600.8.3.1 updated - python3-ldap-3.4.0-150400.3.3.1 added - spacewalk-backend-sql-postgresql-5.0.16-150600.4.23.7 updated - sssd-krb5-2.9.3-150600.3.28.1 updated - sssd-dbus-2.9.3-150600.3.28.1 updated - python3-sssd-config-2.9.3-150600.3.28.1 updated - sssd-ad-2.9.3-150600.3.28.1 updated - tomcat-servlet-4_0-api-9.0.111-150200.99.1 updated - tomcat-el-3_0-api-9.0.111-150200.99.1 updated - java-17-openjdk-17.0.17.0-150400.3.60.2 updated - spacewalk-base-minimal-5.0.25-150600.3.33.9 updated - spacewalk-config-5.0.8-150600.3.15.1 updated - virtual-host-gatherer-Libvirt-1.0.29-150600.8.3.1 updated - sssd-tools-2.9.3-150600.3.28.1 updated - sssd-ipa-2.9.3-150600.3.28.1 updated - tomcat-jsp-2_3-api-9.0.111-150200.99.1 updated - apache-commons-text-1.10.0-150200.5.11.1 added - netty-4.1.128-150200.4.37.1 updated - python3-firewall-1.3.4-150600.13.3.1 updated - spacewalk-base-minimal-config-5.0.25-150600.3.33.9 updated - tomcat-lib-9.0.111-150200.99.1 updated - ongres-scram-2.1-150400.8.5.1 updated - firewalld-1.3.4-150600.13.3.1 updated - python3-rhnlib-5.0.6-150600.4.9.1 updated - ongres-scram-client-2.1-150400.8.5.1 updated - spacewalk-backend-5.0.16-150600.4.23.7 updated - python3-spacewalk-client-tools-5.0.11-150600.4.15.5 updated - spacewalk-client-tools-5.0.11-150600.4.15.5 updated - spacewalk-base-5.0.25-150600.3.33.9 updated - spacewalk-search-5.0.6-150600.3.12.1 updated - salt-3006.0-150600.8.12.2 updated - python3-salt-3006.0-150600.8.12.2 updated - spacewalk-backend-sql-5.0.16-150600.4.23.7 updated - python3-spacewalk-certs-tools-5.0.12-150600.3.17.1 updated - spacewalk-certs-tools-5.0.12-150600.3.17.1 updated - mgr-push-5.0.3-150600.2.3.1 updated - python3-mgr-push-5.0.3-150600.2.3.1 updated - spacewalk-admin-5.0.12-150600.3.14.1 updated - tomcat-9.0.111-150200.99.1 updated - salt-master-3006.0-150600.8.12.2 updated - virtual-host-gatherer-VMware-1.0.29-150600.8.3.1 updated - virtual-host-gatherer-libcloud-1.0.29-150600.8.3.1 updated - cobbler-3.3.3-150600.5.17.5 updated - spacewalk-backend-server-5.0.16-150600.4.23.7 updated - susemanager-sls-5.0.20-150600.3.27.1 updated - uyuni-base-server-5.0.3-150600.2.3.1 updated - spacewalk-java-postgresql-5.0.30-150600.3.41.4 updated - spacewalk-branding-5.0.3-150600.3.3.1 updated - spacewalk-java-config-5.0.30-150600.3.41.4 updated - salt-api-3006.0-150600.8.12.2 updated - susemanager-tftpsync-5.0.2-150600.3.3.1 updated - spacewalk-backend-xmlrpc-5.0.16-150600.4.23.7 updated - spacewalk-backend-xml-export-libs-5.0.16-150600.4.23.7 updated - spacewalk-backend-package-push-server-5.0.16-150600.4.23.7 updated - spacewalk-backend-iss-5.0.16-150600.4.23.7 updated - spacewalk-backend-app-5.0.16-150600.4.23.7 updated - spacewalk-reports-5.0.4-150600.3.6.1 updated - spacewalk-html-5.0.25-150600.3.33.9 updated - spacewalk-taskomatic-5.0.30-150600.3.41.4 updated - spacewalk-java-5.0.30-150600.3.41.4 updated - spacewalk-backend-iss-export-5.0.16-150600.4.23.7 updated - susemanager-tools-5.0.16-150600.3.22.1 updated - spacewalk-backend-tools-5.0.16-150600.4.23.7 updated - supportutils-plugin-susemanager-5.0.6-150600.3.9.1 updated - spacewalk-common-5.0.4-150600.3.3.1 updated - spacewalk-utils-5.0.8-150600.3.12.1 updated - spacewalk-postgresql-5.0.4-150600.3.3.1 updated - spacewalk-setup-5.0.8-150600.3.9.1 updated - susemanager-5.0.16-150600.3.22.1 updated - container:suse-manager-5.0-init-5.0.6-5.0.6-7.27.8 added - container:suse-manager-5.0-init-5.0.5.1-5.0.5.1-7.24.10 removed - susemanager-frontend-libs-5.0.0-150600.1.1 removed