SUSE-CU-2025:9178-1: Security update of suse/manager/5.0/x86_64/proxy-ssh

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Dec 19 08:27:22 UTC 2025 

SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:9178-1
Container Tags        : suse/manager/5.0/x86_64/proxy-ssh:5.0.6 , suse/manager/5.0/x86_64/proxy-ssh:5.0.6.7.29.1 , suse/manager/5.0/x86_64/proxy-ssh:latest
Container Release     : 7.29.1
Severity              : moderate
Type                  : security
References            : 1224386 1248501 1251198 1251199 1251305 1252974 CVE-2025-6075
                        CVE-2025-61984 CVE-2025-61985 CVE-2025-8291 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4067-1
Released:    Wed Nov 12 09:03:26 2025
Summary:     Security update for openssh
Type:        security
Severity:    moderate
References:  1251198,1251199,CVE-2025-61984,CVE-2025-61985
This update for openssh fixes the following issues:

- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4138-1
Released:    Wed Nov 19 11:15:12 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1224386,1248501
This update for systemd fixes the following issues:

- systemd.spec: use %sysusers_generate_pre so that some systemd users are
  already available in %pre. This is important because D-Bus automatically
  reloads its configuration whenever new configuration files are installed,
  i.e. between %pre and %post. (bsc#1248501)
  
  No needs for systemd and udev packages as they are always installed during
  the initial installation.

- Split systemd-network into two new sub-packages: systemd-networkd and
  systemd-resolved (bsc#1224386 jsc#PED-12669)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4368-1
Released:    Thu Dec 11 16:12:16 2025
Summary:     Security update for python3
Type:        security
Severity:    low
References:  1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python3 fixes the following issues:

- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
  to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
  ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).


The following package changes have been done:

- openssh-common-9.6p1-150600.6.34.1 updated
- libsystemd0-254.27-150600.4.46.2 updated
- libpython3_6m1_0-3.6.15-150300.10.100.1 updated
- python3-base-3.6.15-150300.10.100.1 updated
- python3-3.6.15-150300.10.100.1 updated
- openssh-fips-9.6p1-150600.6.34.1 updated
- openssh-clients-9.6p1-150600.6.34.1 updated
- openssh-server-9.6p1-150600.6.34.1 updated
- openssh-9.6p1-150600.6.34.1 updated

More information about the sle-container-updates mailing list