SUSE-IU-2025:4009-1: Security update of suse/sle-micro/base-5.5

Tue Dec 23 08:05:40 UTC 2025

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:4009-1
Image Tags        : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.230 , suse/sle-micro/base-5.5:latest
Image Release     : 5.8.230
Severity          : important
Type              : security
References        : 1233640 1249806 1251786 1252033 1252267 1252780 1252862 1253367
                        1253431 1253436 1254297 1254662 1254878 CVE-2022-50280 CVE-2023-53676
                        CVE-2024-53093 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512 CVE-2025-40040
                        CVE-2025-40048 CVE-2025-40121 CVE-2025-40154 CVE-2025-40204 
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4504-1
Released:    Mon Dec 22 17:29:14 2025
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:

- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
  filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
  processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
  large number of unacceptable characters may lead to crash or code execution (bsc#1254297).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4506-1
Released:    Mon Dec 22 17:38:35 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1233640,1249806,1251786,1252033,1252267,1252780,1252862,1253367,1253431,1253436,CVE-2022-50280,CVE-2023-53676,CVE-2024-53093,CVE-2025-40040,CVE-2025-40048,CVE-2025-40121,CVE-2025-40154,CVE-2025-40204
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).

The following non-security bugs were fixed:

- Fix type signess in fbcon_set_font() (bsc#1252033).
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).

The following package changes have been done:

- kernel-default-5.14.21-150500.55.130.3 updated
- libglib-2_0-0-2.70.5-150400.3.29.1 updated
- libgobject-2_0-0-2.70.5-150400.3.29.1 updated
- libgmodule-2_0-0-2.70.5-150400.3.29.1 updated
- libgio-2_0-0-2.70.5-150400.3.29.1 updated
- glib2-tools-2.70.5-150400.3.29.1 updated