SUSE-CU-2025:9184-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-httpd
sle-container-updates at lists.suse.com
Fri Dec 19 08:28:11 UTC 2025
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:9184-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/proxy-httpd:5.1.1.1.8.12.1 , suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest
Container Release : 8.12.1
Severity : critical
Type : security
References : 1224386 1227207 1231055 1232526 1233529 1237236 1237240 1237241
1237242 1238491 1239566 1239938 1240788 1243381 1243794 1243991
1244050 1245190 1245199 1247498 1247990 1248501 1249055 1249359
1250514 1250520 1250754 1250755 1251305 1251776 1251864 1251912
1251913 1251928 1252160 1252244 1252285 1252425 1252974 1253024
1253043 1253741 1253757 CVE-2025-11563 CVE-2025-1352 CVE-2025-1372
CVE-2025-1376 CVE-2025-1377 CVE-2025-6075 CVE-2025-61911 CVE-2025-61912
CVE-2025-62348 CVE-2025-62349 CVE-2025-7039 CVE-2025-8291
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/proxy-httpd was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:
- Fix histfile missing timestamp for the oldest record (bsc#1245199)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3847-1
Released: Wed Oct 29 06:06:00 2025
Summary: Recommended update for python-kiwi
Type: recommended
Severity: critical
References: 1243381,1245190,1250754
This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues:
python-kiwi:
- Switch to Python 3.11 based python-kiwi (jsc#PED-13168)
- Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754)
- Fixed get_partition_node_name (bsc#1245190)
- Added new eficsm type attribute (bsc#1243381)
- Included support for older schemas
- New binary packages:
* kiwi-bash-completion
* kiwi-systemdeps-containers-wsl
appx-util:
- Implementation as dependency required by kiwi-systemdeps-containers-wsl
python-docopt, python-xmltodict, libsolv:
- Implementation of Python 3.11 flavours required by python311-kiwi (no source changes)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3877-1
Released: Fri Oct 31 05:29:41 2025
Summary: Recommended update for libselinux
Type: recommended
Severity: important
References: 1252160
This update for libselinux fixes the following issues:
- Ship license file (bsc#1252160)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:
This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 14 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc15 compilers use:
- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out
https://gcc.gnu.org/gcc-15/changes.html
Update to GCC 15.2 release:
* the GCC 15.2 release contains regression fixes accumulated since
the GCC 15.1 release
- Prune the use of update-alternatives from openSUSE Factory and
SLFO.
- Adjust crosses to conflict consistently where they did not
already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend
package.
Update to GCC 15 branch head, 15.1.1+git9595
* includes GCC 15.1 release
- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.
Update to GCC trunk head, 15.0.1+git9001
* includes -msplit-patch-nops required for user-space livepatching
on powerpc
* includes fix for Ada build with --enable-host-pie
- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF
debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported
targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set
[bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib
or cross-glibc that was used at build time. [bsc#1232526]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3934-1
Released: Tue Nov 4 12:23:11 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1247498
This update for cyrus-sasl fixes the following issue:
- Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4138-1
Released: Wed Nov 19 11:15:12 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1224386,1248501
This update for systemd fixes the following issues:
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
already available in %pre. This is important because D-Bus automatically
reloads its configuration whenever new configuration files are installed,
i.e. between %pre and %post. (bsc#1248501)
No need for systemd and udev packages as they are always installed during
the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and
systemd-resolved (bsc#1224386 jsc#PED-12669)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released: Fri Nov 21 15:09:44 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1233529
This update for cyrus-sasl fixes the following issues:
- Python3 error log upon importing pycurl (bsc#1233529)
* Remove senseless log message.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released: Mon Nov 24 10:08:22 2025
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4293-1
Released: Fri Nov 28 10:10:49 2025
Summary: Recommended update for gpgme
Type: recommended
Severity: important
References: 1231055,1252425
This update for gpgme fixes the following issues:
- Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055)
* To avoid gpgme constructing an invalid gpg command line when
the DISPLAY variable is empty it can be treated as unset.
* Reported upstream: dev.gnupg.org/T7919
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4300-1
Released: Fri Nov 28 13:57:41 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4303-1
Released: Fri Nov 28 14:11:38 2025
Summary: Recommended update for kmod
Type: recommended
Severity: important
References: 1253741
This update for kmod fixes the following issues:
- Fix modprobe.d confusion on man page (bsc#1253741):
* document the config file order handling
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4308-1
Released: Fri Nov 28 16:38:46 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1249055,CVE-2025-7039
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4358-1
Released: Thu Dec 11 04:04:56 2025
Summary: Recommended update for apache2
Type: recommended
Severity: moderate
References: 1249359
This update for apache2 fixes the following issues:
- Fixed binary path for Apache's MPM that was partially duplicated when it
can't be invoked/found (bsc#1249359)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released: Thu Dec 11 11:08:27 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1253043
This update for gcc15 fixes the following issues:
- Enable the use of _dl_find_object even when not available at build time. [bsc#1253043]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4368-1
Released: Thu Dec 11 16:12:16 2025
Summary: Security update for python3
Type: security
Severity: low
References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python3 fixes the following issues:
- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4454-1
Released: Thu Dec 18 09:51:52 2025
Summary: Maintenance update for Multi-Linux Manager 5.1.1.1: Server, Proxy and Retail Branch Server
Type: recommended
Severity: moderate
References: 1227207,1247990,1250514,1250520,1250755,1251776,1251864,1251912,1251913,1251928,1252244,1252285,1253024,CVE-2025-61911,CVE-2025-61912,CVE-2025-62348,CVE-2025-62349
Maintenance update for Multi-Linux Manager 5.1.1.1: Server, Proxy and Retail Branch Server
This is a codestream only update
The following package changes have been done:
- libsasl2-3-2.1.28-150600.7.14.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.6.1 updated
- libstdc++6-15.2.0+git10201-150000.1.6.1 updated
- libelf1-0.185-150400.5.8.3 updated
- libreadline7-7.0-150400.27.6.1 updated
- libdw1-0.185-150400.5.8.3 updated
- bash-4.4-150400.27.6.1 updated
- bash-sh-4.4-150400.27.6.1 updated
- libudev1-254.27-150600.4.46.2 updated
- libselinux1-3.5-150600.3.3.1 updated
- libglib-2_0-0-2.78.6-150600.4.22.1 updated
- libcurl4-8.14.1-150700.7.5.1 updated
- libgpgme11-1.23.0-150600.3.5.1 updated
- libsolv-tools-base-0.7.35-150700.11.5.2 updated
- curl-8.14.1-150700.7.5.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.22.1 updated
- libgobject-2_0-0-2.78.6-150600.4.22.1 updated
- libkmod2-29-150600.13.3.1 updated
- release-notes-multi-linux-manager-proxy-5.1.1.1-150700.4.6.1 updated
- selinux-tools-3.5-150600.3.3.1 updated
- libsystemd0-254.27-150600.4.46.2 updated
- python3-base-3.6.15-150300.10.100.1 updated
- libpython3_6m1_0-3.6.15-150300.10.100.1 updated
- apache2-prefork-2.4.62-150700.4.6.1 updated
- python3-3.6.15-150300.10.100.1 updated
- systemd-254.27-150600.4.46.2 updated
- libgio-2_0-0-2.78.6-150600.4.22.1 updated
- glib2-tools-2.78.6-150600.4.22.1 updated
- apache2-2.4.62-150700.4.6.1 updated
- container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated