SUSE-CU-2025:9185-1: Security update of suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Dec 19 08:28:13 UTC 2025
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:9185-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.1.1 , suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:5.1.1.1.9.10.2 , suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker:latest
Container Release : 9.10.2
Severity : critical
Type : security
References : 1224386 1231055 1232526 1233529 1237236 1237240 1237241 1237242
1238491 1239566 1239938 1240788 1243381 1243794 1243991 1244050
1245190 1245199 1247498 1248501 1249055 1250754 1251305 1252160
1252425 1252974 1253043 1253757 CVE-2025-11563 CVE-2025-1352
CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-6075 CVE-2025-7039
CVE-2025-8291
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/proxy-salt-broker was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:
- Fix histfile missing timestamp for the oldest record (bsc#1245199)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3847-1
Released: Wed Oct 29 06:06:00 2025
Summary: Recommended update for python-kiwi
Type: recommended
Severity: critical
References: 1243381,1245190,1250754
This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues:
python-kiwi:
- Switch to Python 3.11 based python-kiwi (jsc#PED-13168)
- Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754)
- Fixed get_partition_node_name (bsc#1245190)
- Added new eficsm type attribute (bsc#1243381)
- Included support for older schemas
- New binary packages:
* kiwi-bash-completion
* kiwi-systemdeps-containers-wsl
appx-util:
- Implementation as dependency required by kiwi-systemdeps-containers-wsl
python-docopt, python-xmltodict, libsolv:
- Implementation of Python 3.11 flavours required by python311-kiwi (no source changes)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3877-1
Released: Fri Oct 31 05:29:41 2025
Summary: Recommended update for libselinux
Type: recommended
Severity: important
References: 1252160
This update for libselinux fixes the following issues:
- Ship license file (bsc#1252160)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:
This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 14 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc15 compilers use:
- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out
https://gcc.gnu.org/gcc-15/changes.html
Update to GCC 15.2 release:
* the GCC 15.2 release contains regression fixes accumulated since
the GCC 15.1 release
- Prune the use of update-alternatives from openSUSE Factory and
SLFO.
- Adjust crosses to conflict consistently where they did not
already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend
package.
Update to GCC 15 branch head, 15.1.1+git9595
* includes GCC 15.1 release
- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.
Update to GCC trunk head, 15.0.1+git9001
* includes -msplit-patch-nops required for user-space livepatching
on powerpc
* includes fix for Ada build with --enable-host-pie
- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF
debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported
targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set
[bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib
or cross-glibc that was used at build time. [bsc#1232526]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3934-1
Released: Tue Nov 4 12:23:11 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1247498
This update for cyrus-sasl fixes the following issue:
- Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4138-1
Released: Wed Nov 19 11:15:12 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1224386,1248501
This update for systemd fixes the following issues:
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
already available in %pre. This is important because D-Bus automatically
reloads its configuration whenever new configuration files are installed,
i.e. between %pre and %post. (bsc#1248501)
No needs for systemd and udev packages as they are always installed during
the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and
systemd-resolved (bsc#1224386 jsc#PED-12669)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released: Fri Nov 21 15:09:44 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1233529
This update for cyrus-sasl fixes the following issues:
- Python3 error log upon importing pycurl (bsc#1233529)
* Remove senceless log message.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released: Mon Nov 24 10:08:22 2025
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4293-1
Released: Fri Nov 28 10:10:49 2025
Summary: Recommended update for gpgme
Type: recommended
Severity: important
References: 1231055,1252425
This update for gpgme fixes the following issues:
- Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055)
* To avoid gpgme constructing an invalid gpg command line when
the DISPLAY variable is empty it can be treated as unset.
* Reported upstream: dev.gnupg.org/T7919
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4300-1
Released: Fri Nov 28 13:57:41 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4308-1
Released: Fri Nov 28 16:38:46 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1249055,CVE-2025-7039
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4362-1
Released: Thu Dec 11 11:08:27 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1253043
This update for gcc15 fixes the following issues:
- Enable the use of _dl_find_object even when not available at build time. [bsc#1253043]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4368-1
Released: Thu Dec 11 16:12:16 2025
Summary: Security update for python3
Type: security
Severity: low
References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python3 fixes the following issues:
- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).
The following package changes have been done:
- libsasl2-3-2.1.28-150600.7.14.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.6.1 updated
- libstdc++6-15.2.0+git10201-150000.1.6.1 updated
- libelf1-0.185-150400.5.8.3 updated
- libreadline7-7.0-150400.27.6.1 updated
- libdw1-0.185-150400.5.8.3 updated
- bash-4.4-150400.27.6.1 updated
- bash-sh-4.4-150400.27.6.1 updated
- libudev1-254.27-150600.4.46.2 updated
- libselinux1-3.5-150600.3.3.1 updated
- libglib-2_0-0-2.78.6-150600.4.22.1 updated
- libcurl4-8.14.1-150700.7.5.1 updated
- libgpgme11-1.23.0-150600.3.5.1 updated
- libsolv-tools-base-0.7.35-150700.11.5.2 updated
- curl-8.14.1-150700.7.5.1 updated
- libpython3_6m1_0-3.6.15-150300.10.100.1 updated
- python3-base-3.6.15-150300.10.100.1 updated
- python3-3.6.15-150300.10.100.1 updated
- container:bci-bci-base-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated
More information about the sle-container-updates
mailing list