SUSE-IU-2025:3932-1: Security update of suse/sl-micro/6.2/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Dec 17 08:15:13 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:3932-1
Image Tags        : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.20 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release     : 6.20
Severity          : critical
Type              : security
References        : 1027519 1214718 1218851 1219080 1219885 1221332 1221334 1221984
                        1222302 1222453 1225953 1227355 1228574 1228575 1233593 1233594
                        CVE-2023-28746 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46842
                        CVE-2024-11595 CVE-2024-11596 CVE-2024-2193 CVE-2024-2201 CVE-2024-31142
                        CVE-2024-31143 CVE-2024-31145 CVE-2024-31146 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 108
Released:    Mon Feb  3 10:11:08 2025
Summary:     Security update for xen
Type:        security
Severity:    critical
References:  1027519,1214718,1218851,1219080,1219885,1221332,1221334,1221984,1222302,1222453,1225953,1227355,1228574,1228575,CVE-2023-28746,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841,CVE-2023-46842,CVE-2024-2193,CVE-2024-2201,CVE-2024-31142,CVE-2024-31143,CVE-2024-31145,CVE-2024-31146
This update for xen fixes the following issues:

- Update to Xen 4.18.3 security bug fix release (bsc#1027519)
  * No upstream changelog found in sources or webpage
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
  IOMMU identity mapping (XSA-460)
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
  with shared resources (XSA-461)
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
  guest IRQ handling (XSA-458)
- bsc#1214718 - The system hangs intermittently when Power Control
  Mode is set to Minimum Power on SLES15SP5 Xen
- Upstream bug fixes (bsc#1027519)

- bsc#1225953 - Package xen does not build with gcc14 because of
  new errors
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
- Upstream bug fixes (bsc#1027519)

- Update to Xen 4.18.2 security bug fix release (bsc#1027519)
  xen-4.18.2-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
  for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
  History Injection (XSA-456)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
  Race Conditions (XSA-453)

- Update to Xen 4.18.1 bug fix release (bsc#1027519)
  xen-4.18.1-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
  Sampling (XSA-452)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
  Race Conditions (XSA-453)
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
  exceptions from emulation stubs (XSA-451)

- Upstream bug fixes (bsc#1027519)
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)

-----------------------------------------------------------------
Advisory ID: 109
Released:    Mon Feb  3 10:11:27 2025
Summary:     Security update for wireshark
Type:        security
Severity:    important
References:  1233593,1233594,CVE-2024-11595,CVE-2024-11596
This update for wireshark fixes the following issues:

Wireshark 4.2.9:

* CVE-2024-11595: FiveCo RAP dissector infinite loop (bsc#1233594).
* CVE-2024-11596: ECMP dissector crash (bsc#1233593).


The following package changes have been done:

- libfreetype6-2.13.3-160000.3.1 updated
- libldap-data-2.6.10+10-160000.3.1 updated
- libldap-2-2.6.10+10-160000.3.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-35e6f9297d3fe36d402319e557c36610be85b6863f587e592155d3a6740f8c35-0 updated

More information about the sle-container-updates mailing list