From sle-container-updates at lists.suse.com Sat Feb 1 08:03:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 1 Feb 2025 09:03:20 +0100 (CET)
Subject: SUSE-IU-2025:462-1: Recommended update of suse/sle-micro/kvm-5.5
Message-ID: <20250201080320.13976FBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:462-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.261 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.261
Severity : moderate
Type : recommended
References : 1228079 1231166
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:308-1
Released: Fri Jan 31 05:52:48 2025
Summary: Recommended update for qemu
Type: recommended
Severity: moderate
References: 1228079,1231166

This update for qemu fixes the following issues:

- target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest (bsc#1228079)
- Fixed qemu translation not being installed (bsc#1231166)

The following package changes have been done:

- qemu-guest-agent-7.1.0-150500.49.27.4 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:03:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:03:43 +0100 (CET)
Subject: SUSE-CU-2025:527-1: Security update of containers/open-webui
Message-ID: <20250204080343.B6873F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:527-1
Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.11
Container Release : 7.11
Severity : important
Type : security
References : 1228184 CVE-2024-40897
-----------------------------------------------------------------

The container containers/open-webui was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:344-1
Released: Mon Feb 3 18:05:02 2025
Summary: Security update for orc
Type: security
Severity: important
References: 1228184,CVE-2024-40897

This update for orc fixes the following issues:

- CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when formatting error messages for certain input files (bsc#1228184)

The following package changes have been done:

- liborc-0_4-0-0.4.28-150000.3.9.1 updated
- opencv4-cascades-data-4.10.0-150600.1.7 updated
- libprotobuf25_5_0-25.5-150600.2.23 updated
- python311-protobuf-4.25.5-150600.2.23 updated
- libopencv410-4.10.0-150600.1.7 updated
- libopencv_objdetect410-4.10.0-150600.1.7 updated
- libopencv_imgcodecs410-4.10.0-150600.1.7 updated
- libopencv_face410-4.10.0-150600.1.7 updated
- libopencv_aruco410-4.10.0-150600.1.7 updated
- libopencv_ximgproc410-4.10.0-150600.1.7 updated
- libopencv_optflow410-4.10.0-150600.1.7 updated
- libopencv_highgui410-4.10.0-150600.1.7 updated
- libopencv_gapi410-4.10.0-150600.1.7 updated
- libopencv_videoio410-4.10.0-150600.1.7 updated
- python311-opencv-4.10.0-150600.1.7 updated
- python311-open-webui-0.3.32-150600.1.40 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:05:08 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:05:08 +0100 (CET)
Subject: SUSE-IU-2025:510-1: Security update of suse/sle-micro/base-5.5
Message-ID: <20250204080508.0BAF7FBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:510-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.138 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.138
Severity : moderate
Type : security
References : 1233760 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:340-1
Released: Mon Feb 3 17:32:08 2025
Summary: Security update for rsync
Type: security
Severity: moderate
References: 1233760

This update for rsync fixes the following issues:

- Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:345-1
Released: Mon Feb 3 21:03:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150500.17.40.1 updated
- openssl-1_1-1.1.1l-150500.17.40.1 updated
- rsync-3.2.3-150400.3.20.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:05:32 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:05:32 +0100 (CET)
Subject: SUSE-IU-2025:511-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20250204080532.9BBFDFBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:511-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.266 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.266
Severity : moderate
Type : security
References : 1233760 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:340-1
Released: Mon Feb 3 17:32:08 2025
Summary: Security update for rsync
Type: security
Severity: moderate
References: 1233760

This update for rsync fixes the following issues:

- Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:345-1
Released: Mon Feb 3 21:03:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150500.17.40.1 updated
- rsync-3.2.3-150400.3.20.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.138 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:06:07 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:06:07 +0100 (CET)
Subject: SUSE-IU-2025:512-1: Security update of suse/sle-micro/rt-5.5
Message-ID: <20250204080607.C9D73FBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:512-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.303 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.303
Severity : moderate
Type : security
References : 1233760 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:340-1
Released: Mon Feb 3 17:32:08 2025
Summary: Security update for rsync
Type: security
Severity: moderate
References: 1233760

This update for rsync fixes the following issues:

- Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:345-1
Released: Mon Feb 3 21:03:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150500.17.40.1 updated
- rsync-3.2.3-150400.3.20.1 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.231 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:06:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:06:50 +0100 (CET)
Subject: SUSE-IU-2025:513-1: Security update of suse/sle-micro/5.5
Message-ID: <20250204080650.34D78FBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:513-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.231 , suse/sle-micro/5.5:latest
Image Release : 5.5.231
Severity : moderate
Type : security
References : 1233760 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:340-1
Released: Mon Feb 3 17:32:08 2025
Summary: Security update for rsync
Type: security
Severity: moderate
References: 1233760

This update for rsync fixes the following issues:

- Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:345-1
Released: Mon Feb 3 21:03:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150500.17.40.1 updated
- openssl-1_1-1.1.1l-150500.17.40.1 updated
- rsync-3.2.3-150400.3.20.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.138 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:11:52 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:11:52 +0100 (CET)
Subject: SUSE-CU-2025:531-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20250204081152.45D7AF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:531-1
Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.77 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.11.77
Severity : important
Type : security
References : 1236460 1236619 CVE-2022-49043 CVE-2025-24528
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:341-1
Released: Mon Feb 3 17:33:00 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:343-1
Released: Mon Feb 3 18:03:52 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for krb5 fixes the following issues:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

The following package changes have been done:

- krb5-1.19.2-150400.3.15.1 updated
- libxml2-2-2.9.14-150400.5.35.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:14:51 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:14:51 +0100 (CET)
Subject: SUSE-CU-2025:533-1: Security update of suse/sle-micro/5.4/toolbox
Message-ID: <20250204081451.F1F7DF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:533-1
Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.77 , suse/sle-micro/5.4/toolbox:latest
Container Release : 5.19.77
Severity : important
Type : security
References : 1236460 1236619 CVE-2022-49043 CVE-2025-24528
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:341-1
Released: Mon Feb 3 17:33:00 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:343-1
Released: Mon Feb 3 18:03:52 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for krb5 fixes the following issues:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

The following package changes have been done:

- krb5-1.19.2-150400.3.15.1 updated
- libxml2-2-2.9.14-150400.5.35.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:17:46 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:17:46 +0100 (CET)
Subject: SUSE-CU-2025:539-1: Security update of suse/ltss/sle15.4/sle15
Message-ID: <20250204081746.53490F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:539-1
Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.17 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.17 , suse/ltss/sle15.4/sle15:latest
Container Release : 2.17
Severity : important
Type : security
References : 1236460 1236619 CVE-2022-49043 CVE-2025-24528
-----------------------------------------------------------------

The container suse/ltss/sle15.4/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:341-1
Released: Mon Feb 3 17:33:00 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:343-1
Released: Mon Feb 3 18:03:52 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for krb5 fixes the following issues:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

The following package changes have been done:

- krb5-1.19.2-150400.3.15.1 updated
- libxml2-2-2.9.14-150400.5.35.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:20:00 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:20:00 +0100 (CET)
Subject: SUSE-CU-2025:540-1: Security update of suse/ltss/sle15.5/sle15
Message-ID: <20250204082000.25D7BF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.5/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:540-1
Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.6 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.6 , suse/ltss/sle15.5/sle15:latest
Container Release : 4.6
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/ltss/sle15.5/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:345-1
Released: Mon Feb 3 21:03:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)

The following package changes have been done:

- libopenssl1_1-hmac-1.1.1l-150500.17.40.1 updated
- libopenssl1_1-1.1.1l-150500.17.40.1 updated
- openssl-1_1-1.1.1l-150500.17.40.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:20:21 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:20:21 +0100 (CET)
Subject: SUSE-CU-2025:541-1: Recommended update of suse/registry
Message-ID: <20250204082021.99922F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:541-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-33.6 , suse/registry:latest
Container Release : 33.6
Severity : moderate
Type : recommended
References : 1233433
-----------------------------------------------------------------

The container suse/registry was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:330-1
Released: Mon Feb 3 11:50:09 2025
Summary: Recommended update for apache2
Type: recommended
Severity: moderate
References: 1233433

This update for apache2 fixes the following issue:

- update-alternatives script not called during httpd update, never triggered from 'zypper dup' (bsc#1233433).
The following package changes have been done:

- apache2-utils-2.4.58-150600.5.32.2 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:20:49 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:20:49 +0100 (CET)
Subject: SUSE-CU-2025:542-1: Security update of bci/openjdk
Message-ID: <20250204082049.C49E9F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:542-1
Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-32.13 , bci/openjdk:latest
Container Release : 32.13
Severity : moderate
Type : security
References : 1236278 CVE-2025-21502
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:279-1
Released: Wed Jan 29 00:46:57 2025
Summary: Security update for java-21-openjdk
Type: security
Severity: moderate
References: 1236278,CVE-2025-21502

This update for java-21-openjdk fixes the following issues:

Upgrade to upstream tag jdk-21.0.6+7 (January 2025 CPU)

Security fixes:

- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

- JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows
- JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect
- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8207908: JMXStatusTest.java fails assertion intermittently
- JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly.
- JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening'
- JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox
- JDK-8296787: Unify debug printing format of X.509 cert serial numbers
- JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected.
- JDK-8306446: java/lang/management/ThreadMXBean/Locks.java transient failures
- JDK-8308429: jvmti/StopThread/stopthrd007 failed with 'NoClassDefFoundError: Could not initialize class jdk.internal.misc.VirtualThreads'
- JDK-8309218: java/util/concurrent/locks/Lock/OOMEInAQS.java still times out with ZGC, Generational ZGC, and SerialGC
- JDK-8311301: MethodExitTest may fail with stack buffer overrun
- JDK-8311656: Shenandoah: Unused ShenandoahSATBAndRemarkThreadsClosure::_claim_token
- JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above
- JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds
- JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le
- JDK-8315701: [macos] Regression: KeyEvent has different keycode on different keyboard layouts
- JDK-8316428: G1: Nmethod count statistics only count last code root set iterated
- JDK-8316893: Compile without -fno-delete-null-pointer-checks
- JDK-8316895: SeenThread::print_action_queue called on a null pointer
- JDK-8316907: Fix nonnull-compare warnings
- JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame
- JDK-8317575: AArch64: C2_MacroAssembler::fast_lock uses rscratch1 for cmpxchg result
- JDK-8318105: [jmh] the test java.security.HSS failed with 2 active threads
- JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux
- JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException
- JDK-8319673: Few security tests ignore VM flags
- JDK-8319678: Several tests from corelibs areas ignore VM flags
- JDK-8319960: RISC-V: compiler/intrinsics/TestInteger/LongUnsignedDivMod.java failed with 'counts: Graph contains wrong number of nodes'
- JDK-8319970: AArch64: enable tests compiler/intrinsics/Test(Long|Integer)UnsignedDivMod.java on aarch64
- JDK-8319973: AArch64: Save and restore FPCR in the call stub
- JDK-8320192: SHAKE256 does not work correctly if n >= 137
- JDK-8320397: RISC-V: Avoid passing t0 as temp register to MacroAssembler::cmpxchg_obj_header/cmpxchgptr
- JDK-8320575: generic type information lost on mandated parameters of record's compact constructors
- JDK-8320586: update manual test/jdk/TEST.groups
- JDK-8320665: update jdk_core at open/test/jdk/TEST.groups
- JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions
- JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn'
- JDK-8320892: AArch64: Restore FPU control state after JNI
- JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading
- JDK-8321470: ThreadLocal.nextHashCode can be static final
- JDK-8321474: TestAutoCreateSharedArchiveUpgrade.java should be updated with JDK 21
- JDK-8321543: Update NSS to version 3.96
- JDK-8321550: Update several runtime/cds tests to use vm flags or mark as flagless
- JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile
- JDK-8321940: Improve CDSHeapVerifier in handling of interned strings
- JDK-8322166: Files.isReadable/isWritable/isExecutable expensive when file does not exist
- JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException
- JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order
- JDK-8322830: Add test case for ZipFile opening a ZIP with no entries
- JDK-8323562: SaslInputStream.read() may return wrong value
- JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop()
- JDK-8324841: PKCS11 tests still skip execution
- JDK-8324861: Exceptions::wrap_dynamic_exception() doesn't have ResourceMark
- JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages
- JDK-8325399: Add tests for virtual threads doing Selector operations
- JDK-8325506: Ensure randomness is only read from provided SecureRandom object
- JDK-8325525: Create jtreg test case for JDK-8325203
- JDK-8325610: CTW: Add StressIncrementalInlining to stress options
- JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java
- JDK-8325851: Hide PassFailJFrame.Builder constructor
- JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed
- JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut
- JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless.
- JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests
- JDK-8326898: NSK tests should listen on loopback addresses only
- JDK-8327924: Simplify TrayIconScalingTest.java
- JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program
- JDK-8328242: Add a log area to the PassFailJFrame
- JDK-8328303: 3 JDI tests timed out with UT enabled
- JDK-8328379: Convert URLDragTest.html applet test to main
- JDK-8328402: Implement pausing functionality for the PassFailJFrame
- JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use
- JDK-8328665: serviceability/jvmti/vthread/PopFrameTest failed with a timeout
- JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket
- JDK-8329353: ResolvedReferencesNotNullTest.java failed with Incorrect resolved references array, quxString should not be archived
- JDK-8329533: TestCDSVMCrash fails on libgraal
- JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address
- JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess
- JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options
- JDK-8331393: AArch64: u32 _partial_subtype_ctr loaded/stored as 64
- JDK-8331864: Update Public Suffix List to 1cbd6e7
- JDK-8332112: Update nsk.share.Log to don't print summary during VM shutdown hook
- JDK-8332340: Add JavacBench as a test case for CDS
- JDK-8332461: ubsan : dependencies.cpp:906:3: runtime error: load of value 4294967295, which is not a valid value for type 'DepType'
- JDK-8332724: x86 MacroAssembler may over-align code
- JDK-8332777: Update JCStress test suite
- JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled
- JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS
- JDK-8333098: ubsan: bytecodeInfo.cpp:318:59: runtime error: division by zero
- JDK-8333108: Update vmTestbase/nsk/share/DebugeeProcess.java to don't use finalization
- JDK-8333144: docker tests do not work when ubsan is configured
- JDK-8333235: vmTestbase/nsk/jdb/kill/kill001/kill001.java fails with C1
- JDK-8333248: VectorGatherMaskFoldingTest.java failed when maximum vector bits is 64
- JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature
- JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows
- JDK-8333728: ubsan: shenandoahFreeSet.cpp:1347:24: runtime error: division by zero
- JDK-8333754: Add a Test against ECDSA and ECDH NIST Test vector
- JDK-8333824: Unused ClassValue in VarHandles
- JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts
- JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect
- JDK-8334475: UnsafeIntrinsicsTest.java#ZGenerationalDebug assert(!assert_on_failure) failed: Has low-order bits set
- JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields
- JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test
- JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling
- JDK-8334719: (se) Deferred close of SelectableChannel may result in a Selector doing the final close before concurrent I/O on channel has completed
- JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp
- JDK-8335172: Add manual steps to run security/auth/callback/TextCallbackHandler/Password.java test
- JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder
- JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile
- JDK-8335428: Enhanced Building of Processes
- JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ...
- JDK-8335530: Java file extension missing in AuthenticatorTest
- JDK-8335664: Parsing jsr broken: assert(bci>= 0 && bci < c->method()->code_size()) failed: index out of bounds
- JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException
- JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name
- JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive
- JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8336640: Shenandoah: Parallel worker use in parallel_heap_region_iterate
- JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout
- JDK-8336911: ZGC: Division by zero in heuristics after JDK-8332717
- JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result
- JDK-8337067: Test runtime/classFileParserBug/Bad_NCDFE_Msg.java won't compile
- JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland
- JDK-8337331: crash: pinned virtual thread will lead to jvm crash when running with the javaagent option
- JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags
- JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS
- JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows
- JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754
- JDK-8337851: Some tests have name which confuse jtreg
- JDK-8337876: [IR Framework] Add support for IR tests with @Stable
- JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases
- JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion
- JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058
- JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList
- JDK-8338110: Exclude Fingerprinter::do_type from ubsan checks
- JDK-8338112: Test testlibrary_tests/ir_framework/tests/TestPrivilegedMode.java fails with release build
- JDK-8338344: Test TestPrivilegedMode.java intermittent fails java.lang.NoClassDefFoundError: jdk/test/lib/Platform
- JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections
- JDK-8338389: [JFR] Long strings should be added to the string pool
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8338449: ubsan: division by zero in sharedRuntimeTrans.cpp
- JDK-8338550: Do libubsan1 installation in test container only if requested
- JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813
- JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2
- JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java
- JDK-8338924: C1: assert(0 <= i && i < _len) failed: illegal index 5 for length 5
- JDK-8339080: Bump update version for OpenJDK: jdk-21.0.6
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code
- JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of stream occurs
- JDK-8339386: Assertion on AIX - original PC must be in the main code section of the compiled method
- JDK-8339416: [s390x] Provide implementation for resolve_global_jobject
- JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message
- JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap
- JDK-8339560: Unaddressed comments during code review of JDK-8337664
- JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339648: ZGC: Division by zero in rule_major_allocation_rate
- JDK-8339725: Concurrent GC crashed due to GetMethodDeclaringClass
- JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings
- JDK-8339741: RISC-V: C ABI breakage for integer on stack
- JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8339892: Several security shell tests don't set TESTJAVAOPTS
- JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java
- JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout
- JDK-8340109: Ubsan: ciEnv.cpp:1660:65: runtime error: member call on null pointer of type 'struct CompileTask'
- JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder
- JDK-8340214: C2 compilation asserts with 'no node with a side effect' in PhaseIdealLoop::try_sink_out_of_loop
- JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity
- JDK-8340306: Add border around instructions in PassFailJFrame
- JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions
- JDK-8340365: Position the first window of a window list
- JDK-8340383: VM issues warning failure to find kernel32.dll on Windows nanoserver
- JDK-8340387: Update OS detection code to recognize Windows Server 2025
- JDK-8340398: [JVMCI] Unintuitive behavior of UseJVMCICompiler option
- JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely
- JDK-8340461: Amend description for logArea
- JDK-8340466: Add description for PassFailJFrame constructors
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340590: RISC-V: C2: Small improvement to vector gather load and scatter store
- JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos
- JDK-8340657: [PPC64] SA determines wrong unextendedSP
- JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage
- JDK-8340785: Update description of PassFailJFrame and samples
- JDK-8340799: Add border inside instruction frame in PassFailJFrame
- JDK-8340801: Disable ubsan checks in some awt/2d coding
- JDK-8340804: doc/building.md update Xcode instructions to note that full install is required
- JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe
- JDK-8340815: Add SECURITY.md file
- JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows
- JDK-8340923: The class LogSelection copies uninitialized memory
- JDK-8341024: [test] build/AbsPathsInImage.java fails with OOM when using ubsan-enabled binaries
- JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter
- JDK-8341235: Improve default instruction frame title in PassFailJFrame
- JDK-8341261: Tests assume UnlockExperimentalVMOptions is disabled by default
- JDK-8341562: RISC-V: Generate
comments in -XX:+PrintInterpreter to link to source code - JDK-8341688: Aarch64: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang - JDK-8341806: Gcc version detection failure on Alinux3 - JDK-8341927: Replace hardcoded security providers with new test.provider.name system property - JDK-8341997: Tests create files in src tree instead of scratch dir - JDK-8342014: RISC-V: ZStoreBarrierStubC2 clobbers rflags - JDK-8342063: [21u][aix] Backport introduced redundant line in ProblemList - JDK-8342181: Update tests to use stronger Key and Salt size - JDK-8342183: Update tests to use stronger algorithms and keys - JDK-8342188: Update tests to use stronger key parameters and certificates - JDK-8342409: [s390x] C1 unwind_handler fails to unlock synchronized methods with LM_MONITOR - JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress - JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing - JDK-8342607: Enhance register printing on x86_64 platforms - JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097 - JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option - JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes - JDK-8342765: [21u] RTM tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8342823: Ubsan: ciEnv.cpp:1614:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8342905: Thread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501 redux - JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes - JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100% - JDK-8343474: [updates] Customize README.md to specifics of update project - JDK-8343506: [s390x] multiple test failures with ubsan - JDK-8343724: [PPC64] Disallow OptoScheduling - JDK-8343848: Fix typo of property name 
in TestOAEPPadding after 8341927 - JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted - JDK-8343884: [s390x] Disallow OptoScheduling - JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners - JDK-8344164: [s390x] ProblemList hotspot/jtreg/runtime/NMT/VirtualAllocCommitMerge.java - JDK-8344628: Test TestEnableJVMCIProduct.java run with virtual thread intermittent fails - JDK-8344993: [21u] [REDO] Backport JDK-8327501 and JDK-8328366 to JDK 21 - JDK-8345055: [21u] ProblemList failing rtm tests on ppc platforms - JDK-8347010: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.6 The following package changes have been done: - java-21-openjdk-headless-21.0.6.0-150600.3.9.1 updated - java-21-openjdk-21.0.6.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 08:21:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 09:21:13 +0100 (CET) Subject: SUSE-CU-2025:543-1: Recommended update of bci/php-apache Message-ID: <20250204082113.A93D2F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:543-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.13 , bci/php-apache:latest Container Release : 48.13 Severity : moderate Type : recommended References : 1233433 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:330-1
Released: Mon Feb 3 11:50:09 2025
Summary: Recommended update for apache2
Type: recommended
Severity: moderate
References: 1233433

This update for apache2 fixes the following issue:

- update-alternatives script not called during httpd update, never triggered from 'zypper dup' (bsc#1233433).

The following package changes have been done:

- apache2-prefork-2.4.58-150600.5.32.2 updated
- apache2-2.4.58-150600.5.32.2 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:23:04 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:23:04 +0100 (CET)
Subject: SUSE-CU-2025:558-1: Recommended update of suse/sles/15.7/virt-launcher
Message-ID: <20250204082304.C61DBF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:558-1
Container Tags : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.41 , suse/sles/15.7/virt-launcher:1.1.1.34.80
Container Release : 34.80
Severity : moderate
Type : recommended
References : 1234214 1234245 1234333
-----------------------------------------------------------------

The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:225-1
Released: Wed Jan 22 15:31:54 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1234214,1234245,1234333

This update for vim fixes the following issues:

- Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245).
  Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly.
  However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' that is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases.
  Fixing this by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version.

The following package changes have been done:

- glibc-2.38-150700.20.1 updated
- libuuid1-2.40.4-150700.1.2 updated
- libsmartcols1-2.40.4-150700.1.2 updated
- libgpg-error0-1.50-150700.1.3 updated
- findutils-4.10.0-150700.1.3 updated
- libgcrypt20-1.11.0-150700.2.11 updated
- libblkid1-2.40.4-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.5 updated
- grep-3.11-150700.1.3 updated
- libmount1-2.40.4-150700.1.2 updated
- libfdisk1-2.40.4-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.5 updated
- sles-release-15.7-150700.18.1 updated
- util-linux-2.40.4-150700.1.2 updated
- kubevirt-container-disk-1.1.1-150700.9.41 updated
- libdevmapper1_03-2.03.24_1.02.198-150700.1.3 updated
- libnettle8-3.10.1-150700.2.4 updated
- qemu-accel-tcg-x86-9.2.0-150700.2.1 updated
- qemu-hw-usb-host-9.2.0-150700.2.1 updated
- qemu-ipxe-9.2.0-150700.2.1 updated
- qemu-seabios-9.2.01.16.3_3_g3d33c746-150700.2.1 updated
- qemu-vgabios-9.2.01.16.3_3_g3d33c746-150700.2.1 updated
- vim-data-common-9.1.0836-150500.20.18.1 updated
- libhogweed6-3.10.1-150700.2.4 updated
- qemu-hw-usb-redirect-9.2.0-150700.2.1 updated
- suse-module-tools-15.7.4-150700.1.1 updated
- vim-small-9.1.0836-150500.20.18.1 updated
- xen-libs-4.20.0_06-150700.1.1 updated
- qemu-img-9.2.0-150700.2.1 updated
- libvirt-libs-11.0.0-150700.1.1 updated
- rdma-core-54.0-150700.1.4 updated
- libvirt-daemon-log-11.0.0-150700.1.1 updated
- libvirt-client-11.0.0-150700.1.1 updated
- kubevirt-virt-launcher-1.1.1-150700.9.41 updated
- libibverbs1-54.0-150700.1.4 updated
- libmlx5-1-54.0-150700.1.4 updated
- libvirt-daemon-common-11.0.0-150700.1.1 updated
- libmlx4-1-54.0-150700.1.4 updated
- libmana1-54.0-150700.1.4 updated
- libhns1-54.0-150700.1.4 updated
- libefa1-54.0-150700.1.4 updated
- libibverbs-54.0-150700.1.4 updated
- librdmacm1-54.0-150700.1.4 updated
- qemu-x86-9.2.0-150700.2.1 updated
- qemu-9.2.0-150700.2.1 updated
- libvirt-daemon-driver-qemu-11.0.0-150700.1.1 updated
- container:sles15-image-15.7.0-3.5 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:23:11 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:23:11 +0100 (CET)
Subject: SUSE-CU-2025:559-1: Security update of suse/sles/15.7/libguestfs-tools
Message-ID: <20250204082311.B0AA9F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:559-1
Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.41 , suse/sles/15.7/libguestfs-tools:1.1.1.28.113
Container Release : 28.113
Severity : moderate
Type : security
References : 1192020
-----------------------------------------------------------------

The container suse/sles/15.7/libguestfs-tools was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:196-1
Released: Tue Jan 21 09:34:32 2025
Summary: Security update for dhcp
Type: security
Severity: moderate
References: 1192020

This update for dhcp fixes the following issues:

- Fixed dhcp not starting in case group nogroup is missing (bsc#1192020)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:222-1
Released: Wed Jan 22 12:30:04 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79

The following package changes have been done:

- glibc-2.38-150700.20.1 updated
- libuuid1-2.40.4-150700.1.2 updated
- libsmartcols1-2.40.4-150700.1.2 updated
- libgpg-error0-1.50-150700.1.3 updated
- findutils-4.10.0-150700.1.3 updated
- libgcrypt20-1.11.0-150700.2.11 updated
- libblkid1-2.40.4-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.5 updated
- grep-3.11-150700.1.3 updated
- libmount1-2.40.4-150700.1.2 updated
- libfdisk1-2.40.4-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.5 updated
- sles-release-15.7-150700.18.1 updated
- libzypp-17.35.16-150600.3.41.1 updated
- zypper-1.14.79-150600.10.19.1 updated
- util-linux-2.40.4-150700.1.2 updated
- libguestfs-winsupport-1.55.2-150700.1.4 updated
- libdevmapper1_03-2.03.24_1.02.198-150700.1.3 updated
- libnettle8-3.10.1-150700.2.4 updated
- libopenssl1_1-1.1.1w-150700.9.10 updated
- qemu-accel-tcg-x86-9.2.0-150700.2.1 updated
- qemu-ipxe-9.2.0-150700.2.1 updated
- qemu-seabios-9.2.01.16.3_3_g3d33c746-150700.2.1 updated
- qemu-vgabios-9.2.01.16.3_3_g3d33c746-150700.2.1 updated
- libhogweed6-3.10.1-150700.2.4 updated
- libmpath0-0.10.2+117+suse.33411aa-150700.1.1 updated
- xen-libs-4.20.0_06-150700.1.1 updated
- qemu-vmsr-helper-9.2.0-150700.2.1 updated
- qemu-pr-helper-9.2.0-150700.2.1 updated
- qemu-img-9.2.0-150700.2.1 updated
- qemu-tools-9.2.0-150700.2.1 updated
- util-linux-systemd-2.40.4-150700.1.1 updated
- libvirt-libs-11.0.0-150700.1.1 updated
- suse-module-tools-15.7.4-150700.1.1 updated
- supermin-5.3.5-150700.2.3 updated
- dhcp-4.3.6.P1-150000.6.22.1 updated
- rdma-core-54.0-150700.1.4 updated
- dhcp-client-4.3.6.P1-150000.6.22.1 updated
- libibverbs1-54.0-150700.1.4 updated
- libmlx5-1-54.0-150700.1.4 updated
- libmlx4-1-54.0-150700.1.4 updated
- libmana1-54.0-150700.1.4 updated
- libhns1-54.0-150700.1.4 updated
- libefa1-54.0-150700.1.4 updated
- libibverbs-54.0-150700.1.4 updated
- librdmacm1-54.0-150700.1.4 updated
- qemu-x86-9.2.0-150700.2.1 updated
- qemu-9.2.0-150700.2.1 updated
- libguestfs0-1.55.2-150700.1.4 updated
- libguestfs-devel-1.55.2-150700.1.4 updated
- libguestfs-appliance-1.55.2-150700.1.4 updated
- libguestfs-1.55.2-150700.1.4 updated
- container:sles15-image-15.7.0-3.5 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:24:16 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:24:16 +0100 (CET)
Subject: SUSE-CU-2025:561-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20250204082416.02DBCF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:561-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.18 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.60.18
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:341-1
Released: Mon Feb 3 17:33:00 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

The following package changes have been done:

- python3-libxml2-2.9.14-150400.5.35.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:24:16 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:24:16 +0100 (CET)
Subject: SUSE-CU-2025:562-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20250204082416.C82D0F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:562-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.19 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.60.19
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:343-1
Released: Mon Feb 3 18:03:52 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for krb5 fixes the following issues:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.35.1 updated
- krb5-1.19.2-150400.3.15.1 updated
- container:sles15-ltss-image-15.4.0-2.17 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:24:51 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:24:51 +0100 (CET)
Subject: SUSE-CU-2025:563-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20250204082451.48ECEF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:563-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.21 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.50.21
Severity : important
Type : security
References : 1236460 1236619 CVE-2022-49043 CVE-2025-24528
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:341-1
Released: Mon Feb 3 17:33:00 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:343-1
Released: Mon Feb 3 18:03:52 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for krb5 fixes the following issues:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.35.1 updated
- krb5-1.19.2-150400.3.15.1 updated
- container:sles15-ltss-image-15.4.0-2.17 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:25:29 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:25:29 +0100 (CET)
Subject: SUSE-CU-2025:564-1: Security update of suse/manager/4.3/proxy-squid
Message-ID: <20250204082529.254B4F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:564-1
Container Tags : suse/manager/4.3/proxy-squid:4.3.14 , suse/manager/4.3/proxy-squid:4.3.14.9.59.10 , suse/manager/4.3/proxy-squid:latest
Container Release : 9.59.10
Severity : important
Type : security
References : 1236460 1236619 CVE-2022-49043 CVE-2025-24528
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:341-1
Released: Mon Feb 3 17:33:00 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:343-1
Released: Mon Feb 3 18:03:52 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for krb5 fixes the following issues:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

The following package changes have been done:

- libxml2-2-2.9.14-150400.5.35.1 updated
- krb5-1.19.2-150400.3.15.1 updated
- container:sles15-ltss-image-15.4.0-2.17 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:26:05 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:26:05 +0100 (CET)
Subject: SUSE-CU-2025:565-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20250204082605.A7C74F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:565-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.14 , suse/manager/4.3/proxy-ssh:4.3.14.9.50.11 , suse/manager/4.3/proxy-ssh:latest
Container Release : 9.50.11
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:343-1
Released: Mon Feb 3 18:03:52 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for krb5 fixes the following issues:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

The following package changes have been done:

- krb5-1.19.2-150400.3.15.1 updated
- container:sles15-ltss-image-15.4.0-2.17 updated

From sle-container-updates at lists.suse.com Tue Feb 4 08:26:45 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 09:26:45 +0100 (CET)
Subject: SUSE-CU-2025:566-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20250204082645.4C78FF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:566-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.14 , suse/manager/4.3/proxy-tftpd:4.3.14.9.50.11 , suse/manager/4.3/proxy-tftpd:latest
Container Release : 9.50.11
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:343-1
Released: Mon Feb 3 18:03:52 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for krb5 fixes the following issues:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

The following package changes have been done:

- krb5-1.19.2-150400.3.15.1 updated
- container:sles15-ltss-image-15.4.0-2.17 updated

From sle-container-updates at lists.suse.com Tue Feb 4 13:43:05 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 14:43:05 +0100 (CET)
Subject: SUSE-IU-2025:518-1: Security update of suse/sle-micro/base-5.5
Message-ID: <20250204134305.B4F78F78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:518-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.139 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.139
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 13:43:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 14:43:28 +0100 (CET)
Subject: SUSE-IU-2025:519-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20250204134328.B541AF78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:519-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.268 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.268
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.139 updated

From sle-container-updates at lists.suse.com Tue Feb 4 13:44:00 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 14:44:00 +0100 (CET)
Subject: SUSE-IU-2025:520-1: Security update of suse/sle-micro/rt-5.5
Message-ID: <20250204134400.AFF8BF78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:520-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.306 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.306
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.233 updated

From sle-container-updates at lists.suse.com Tue Feb 4 13:44:39 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 14:44:39 +0100 (CET)
Subject: SUSE-IU-2025:521-1: Security update of suse/sle-micro/5.5
Message-ID: <20250204134439.DC12FF78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:521-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.233 , suse/sle-micro/5.5:latest
Image Release : 5.5.233
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.139 updated

From sle-container-updates at lists.suse.com Tue Feb 4 13:48:45 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 14:48:45 +0100 (CET)
Subject: SUSE-CU-2025:572-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20250204134845.4FDC4F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:572-1
Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.78 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.11.78
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:349-1 Released: Tue Feb 4 09:34:30 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.78.1 updated - libopenssl1_1-1.1.1l-150400.7.78.1 updated - openssl-1_1-1.1.1l-150400.7.78.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:51:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:51:27 +0100 (CET) Subject: SUSE-CU-2025:574-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250204135127.6BBDAF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:574-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.78 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.78 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:349-1 Released: Tue Feb 4 09:34:30 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.78.1 updated - libopenssl1_1-1.1.1l-150400.7.78.1 updated - openssl-1_1-1.1.1l-150400.7.78.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:51:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:51:45 +0100 (CET) Subject: SUSE-IU-2025:522-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250204135145.DBB31F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:522-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.3 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 5.3 Severity : critical Type : security References : 1234100 1234101 1234102 1234103 1234104 1235475 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 203 Released: Tue Feb 4 09:59:54 2025 Summary: Security update for rsync Type: security Severity: critical References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100). - CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101). - CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102). - CVE-2024-12087: Fixed server use of symbolic links to make client write files outside of destination directory (bsc#1234103). - CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104). - CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475). The following package changes have been done: - rsync-3.2.7-4.1 updated - container:SL-Micro-base-container-2.1.3-5.3 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:52:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:52:00 +0100 (CET) Subject: SUSE-IU-2025:523-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250204135200.B902CF78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:523-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.3 , suse/sl-micro/6.0/base-os-container:latest Image Release : 5.3 Severity : critical Type : security References : 1234100 1234101 1234102 1234103 1234104 1235475 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 
----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 203 Released: Tue Feb 4 09:59:54 2025 Summary: Security update for rsync Type: security Severity: critical References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100). - CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101). - CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102). - CVE-2024-12087: Fixed server use of symbolic links to make client write files outside of destination directory (bsc#1234103). - CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104). - CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475). 
The following package changes have been done: - rsync-3.2.7-4.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:52:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:52:16 +0100 (CET) Subject: SUSE-IU-2025:524-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250204135216.12556F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:524-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-5.3 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 5.3 Severity : critical Type : security References : 1234100 1234101 1234102 1234103 1234104 1235475 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 203 Released: Tue Feb 4 09:59:54 2025 Summary: Security update for rsync Type: security Severity: critical References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100). - CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101). - CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102). - CVE-2024-12087: Fixed server use of symbolic links to make client write files outside of destination directory (bsc#1234103). - CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104). 
- CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475). The following package changes have been done: - rsync-3.2.7-4.1 updated - container:SL-Micro-base-container-2.1.3-5.3 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:52:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:52:35 +0100 (CET) Subject: SUSE-IU-2025:525-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250204135235.8DF38F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:525-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-6.2 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 6.2 Severity : critical Type : security References : 1234100 1234101 1234102 1234103 1234104 1235475 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 203 Released: Tue Feb 4 09:59:54 2025 Summary: Security update for rsync Type: security Severity: critical References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100). - CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101). - CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102). 
- CVE-2024-12087: Fixed server use of symbolic links to make client write files outside of destination directory (bsc#1234103). - CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104). - CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475). The following package changes have been done: - rsync-3.2.7-4.1 updated - container:SL-Micro-container-2.1.3-5.3 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:54:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:54:02 +0100 (CET) Subject: SUSE-CU-2025:580-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250204135402.A33A2F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:580-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.18 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.18 , suse/ltss/sle15.4/sle15:latest Container Release : 2.18 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:349-1 Released: Tue Feb 4 09:34:30 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.78.1 updated - libopenssl1_1-1.1.1l-150400.7.78.1 updated - openssl-1_1-1.1.1l-150400.7.78.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:56:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:56:01 +0100 (CET) Subject: SUSE-CU-2025:581-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250204135601.33288F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:581-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.7 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.7 , suse/ltss/sle15.5/sle15:latest Container Release : 4.7 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:56:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:56:20 +0100 (CET) Subject: SUSE-CU-2025:582-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250204135620.D86D4F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:582-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.92 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.92 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:56:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:56:43 +0100 (CET) Subject: SUSE-CU-2025:583-1: Security update of bci/kiwi Message-ID: <20250204135643.6C7BDF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:583-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.19 , bci/kiwi:latest Container Release : 20.19 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-tools-2.10.3-150500.5.20.1 updated - libxml2-devel-2.10.3-150500.5.20.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:57:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:57:00 +0100 (CET) Subject: SUSE-CU-2025:584-1: Security update of suse/postgres Message-ID: <20250204135700.2B6F4F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:584-1 Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-58.2 Container Release : 58.2 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:57:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:57:03 +0100 (CET) Subject: SUSE-CU-2025:585-1: Security update of suse/postgres Message-ID: <20250204135703.C5F94F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:585-1 Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-39.2 , suse/postgres:latest Container Release : 39.2 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:57:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:57:18 +0100 (CET) Subject: SUSE-CU-2025:586-1: Security update of suse/rmt-mariadb Message-ID: <20250204135718.7C24DF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:586-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-60.11 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-60.11 , suse/rmt-mariadb:latest Container Release : 60.11 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:57:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:57:26 +0100 (CET) Subject: SUSE-CU-2025:587-1: Security update of containers/apache-tomcat Message-ID: <20250204135726.BB76FF78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:587-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.13 Container Release : 62.13 Severity : important Type : security References : 1236278 1236460 CVE-2022-49043 CVE-2025-21502 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:338-1 Released: Mon Feb 3 16:12:41 2025 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1236278,CVE-2025-21502 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU) Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: - JDK-8224624: Inefficiencies in CodeStrings::add_comment cause timeouts - JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java fails on linux-x64 - JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only - JDK-8247706: Unintentional use of new Date(year...) 
with absolute year - JDK-8299254: Support dealing with standard assert macro - JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test - JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test - JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak - JDK-8328300: Convert PrintDialogsTest.java from Applet to main program - JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main - JDK-8334332: TestIOException.java fails if run by root - JDK-8335428: Enhanced Building of Processes - JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8336564: Enhance mask blit functionality redux - JDK-8338402: GHA: some of bundles may not get removed - JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26 - JDK-8339180: Enhanced Building of Processes: Follow-on Issue - JDK-8339470: [17u] More defensive fix for 8163921 - JDK-8339637: (tz) Update Timezone Data to 2024b - JDK-8339644: Improve parsing of Day/Month in tzdata rules - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names - JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1 - JDK-8340815: Add SECURITY.md file - JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails - JDK-8342629: [11u] Properly message out that shenandoah is disabled - JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a 
use-after-free in xmlXIncludeAddNode. (bsc#1236460) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated - java-11-openjdk-headless-11.0.26.0-150000.3.122.1 updated - java-11-openjdk-11.0.26.0-150000.3.122.1 updated From sle-container-updates at lists.suse.com Tue Feb 4 13:57:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 4 Feb 2025 14:57:37 +0100 (CET) Subject: SUSE-CU-2025:588-1: Security update of containers/apache-tomcat Message-ID: <20250204135737.03E46F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:588-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.13 Container Release : 62.13 Severity : important Type : security References : 1236278 1236460 CVE-2022-49043 CVE-2025-21502 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:339-1 Released: Mon Feb 3 16:14:14 2025 Summary: Security update for java-17-openjdk Type: security Severity: moderate References: 1236278,CVE-2025-21502 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.14+7 (January 2025 CPU): Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: - JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font color - JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect - JDK-8071693: Introspector ignores default interface methods - JDK-8195675: Call to insertText with single character from custom Input Method ignored - JDK-8202926: Test java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html fails - JDK-8207908: JMXStatusTest.java fails assertion intermittently - JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly. 
- JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening' - JDK-8254759: [TEST_BUG] [macosx] javax/swing/JInternalFrame/4202966/IntFrameCoord.html fails - JDK-8258734: jdk/jfr/event/oldobject/TestClassLoaderLeak.java failed with 'RuntimeException: Could not find class leak' - JDK-8268364: jmethod clearing should be done during unloading - JDK-8269770: nsk tests should start IOPipe channel before launch debuggee - Debugee.prepareDebugee - JDK-8271003: hs_err improvement: handle CLASSPATH env setting longer than O_BUFLEN - JDK-8271456: Avoid looking up standard charsets in 'java.desktop' module - JDK-8271821: mark hotspot runtime/MinimalVM tests which ignore external VM flags - JDK-8271825: mark hotspot runtime/LoadClass tests which ignore external VM flags - JDK-8271836: runtime/ErrorHandling/ClassPathEnvVar.java fails with release VMs - JDK-8272746: ZipFile can't open big file (NegativeArraySizeException) - JDK-8273914: Indy string concat changes order of operations - JDK-8274170: Add hooks for custom makefiles to augment jtreg test execution - JDK-8274505: Too weak variable type leads to unnecessary cast in java.desktop - JDK-8276763: java/nio/channels/SocketChannel/AdaptorStreams.java fails with 'SocketTimeoutException: Read timed out' - JDK-8278527: java/util/concurrent/tck/JSR166TestCase.java fails nanoTime test - JDK-8280131: jcmd reports 'Module jdk.jfr not found.' 
when 'jdk.management.jfr' is missing - JDK-8281379: Assign package declarations to all jtreg test cases under gc - JDK-8282578: AIOOBE in javax.sound.sampled.Clip - JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox - JDK-8283222: improve diagnosability of runtime/8176717/TestInheritFD.java timeouts - JDK-8284291: sun/security/krb5/auto/Renew.java fails intermittently on Windows 11 - JDK-8284874: Add comment to ProcessHandle/OnExitTest to describe zombie problem - JDK-8286160: (fs) Files.exists returns unexpected results with C:\pagefile.sys because it's not readable - JDK-8287003: InputStreamReader::read() can return zero despite writing a char in the buffer - JDK-8288976: classfile parser 'wrong name' error message has the names the wrong way around - JDK-8289184: runtime/ClassUnload/DictionaryDependsTest.java failed with 'Test failed: should be unloaded' - JDK-8290023: Remove use of IgnoreUnrecognizedVMOptions in gc tests - JDK-8290269: gc/shenandoah/TestVerifyJCStress.java fails due to invalid tag: required after JDK-8290023 - JDK-8292309: Fix 'java/awt/PrintJob/ConstrainedPrintingTest/ConstrainedPrintingTest.java' test - JDK-8293061: Combine CDSOptions and AppCDSOptions test utility classes - JDK-8293877: Rewrite MineField test - JDK-8294193: Files.createDirectories throws FileAlreadyExistsException for a symbolic link whose target is an existing directory - JDK-8294726: Update URLs in minefield tests - JDK-8295239: Refactor java/util/Formatter/Basic script into a Java native test launcher - JDK-8295344: Harden runtime/StackGuardPages/TestStackGuardPages.java - JDK-8295859: Update Manual Test Groups - JDK-8296709: WARNING: JNI call made without checking exceptions - JDK-8296718: Refactor bootstrap Test Common Functionalities to test/lib/Utils - JDK-8296787: Unify debug printing format of X.509 cert serial numbers - JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as 
expected. - JDK-8298513: vmTestbase/nsk/jdi/EventSet/suspendPolicy/suspendpolicy009/TestDescription.java fails with usage tracker - JDK-8300416: java.security.MessageDigestSpi clone can result in thread-unsafe clones - JDK-8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated - JDK-8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP - JDK-8303697: ProcessTools doesn't print last line of process output - JDK-8303705: Field sleeper.started should be volatile JdbLockTestTarg.java - JDK-8303742: CompletableFuture.orTimeout leaks if the future completes exceptionally - JDK-8304020: Speed up test/jdk/java/util/zip/ZipFile/TestTooManyEntries.java and clarify its purpose - JDK-8304557: java/util/concurrent/CompletableFuture/CompletableFutureOrTimeoutExceptionallyTest.java times out - JDK-8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate - JDK-8307297: Move some DnD tests to open - JDK-8307408: Some jdk/sun/tools/jhsdb tests don't pass test JVM args to the debuggee JVM - JDK-8309109: AArch64: [TESTBUG] compiler/intrinsics/sha/cli/TestUseSHA3IntrinsicsOptionOnSupportedCPU.java fails on Neoverse N2 and V1 - JDK-8309303: jdk/internal/misc/VM/RuntimeArguments test ignores jdk/internal/vm/options - JDK-8309532: java/lang/Class/getDeclaredField/FieldSetAccessibleTest should filter modules that depend on JVMCI - JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled ComboBox does not match in these LAFs: GTK- - JDK-8310731: Configure a javax.net.ssl.SNIMatcher for the HTTP/1.1 test servers in java/net/httpclient tests - JDK-8312111: open/test/jdk/java/awt/Robot/ModifierRobotKey/ModifierRobotKeyTest.java fails on ubuntu 23.04 - JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds - JDK-8313638: Add test for dump of resolved references - JDK-8313854: Some tests in serviceability area fail on localized Windows platform - JDK-8313878: Exclude two 
compiler/rtm/locking tests on ppc64le - JDK-8314333: Update com/sun/jdi/ProcessAttachTest.java to use ProcessTools.createTestJvm(..) - JDK-8314824: Fix serviceability/jvmti/8036666/GetObjectLockCount.java to use vm flags - JDK-8314829: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java ignores vm flags - JDK-8314831: NMT tests ignore vm flags - JDK-8315097: Rename createJavaProcessBuilder - JDK-8315406: [REDO] serviceability/jdwp/AllModulesCommandTest.java ignores VM flags - JDK-8315988: Parallel: Make TestAggressiveHeap use createTestJvm - JDK-8316410: GC: Make TestCompressedClassFlags use createTestJvm - JDK-8316446: 4 sun/management/jdp tests ignore VM flags - JDK-8316447: 8 sun/management/jmxremote tests ignore VM flags - JDK-8316464: 3 sun/tools tests ignore VM flags - JDK-8316562: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java times out after JDK-8314829 - JDK-8316581: Improve performance of Symbol::print_value_on() - JDK-8317042: G1: Make TestG1ConcMarkStepDurationMillis use createTestJvm - JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame - JDK-8317188: G1: Make TestG1ConcRefinementThreads use createTestJvm - JDK-8317218: G1: Make TestG1HeapRegionSize use createTestJvm - JDK-8317347: Parallel: Make TestInitialTenuringThreshold use createTestJvm - JDK-8317738: CodeCacheFullCountTest failed with 'VirtualMachineError: Out of space in CodeCache for method handle intrinsic' - JDK-8318964: Fix build failures caused by 8315097 - JDK-8319574: Exec/process tests should be marked as flagless - JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException - JDK-8319651: Several network tests ignore vm flags when start java process - JDK-8319817: Charset constructor should make defensive copy of aliases - JDK-8320586: update manual test/jdk/TEST.groups - JDK-8320665: update jdk_core at open/test/jdk/TEST.groups - JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail 
  buttons; multiple instructions
- JDK-8320675: PrinterJob/SecurityDialogTest.java hangs
- JDK-8321163: [test] OutputAnalyzer.getExitValue() unnecessarily logs even when process has already completed
- JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading
- JDK-8321470: ThreadLocal.nextHashCode can be static final
- JDK-8321543: Update NSS to version 3.96
- JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile
- JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException
- JDK-8322766: Micro bench SSLHandshake should use default algorithms
- JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order
- JDK-8322830: Add test case for ZipFile opening a ZIP with no entries
- JDK-8323562: SaslInputStream.read() may return wrong value
- JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop()
- JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions close set 3
- JDK-8324841: PKCS11 tests still skip execution
- JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages
- JDK-8325525: Create jtreg test case for JDK-8325203
- JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM
- JDK-8325610: CTW: Add StressIncrementalInlining to stress options
- JDK-8325616: JFR ZGC Allocation Stall events should record stack traces
- JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java
- JDK-8325851: Hide PassFailJFrame.Builder constructor
- JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut
- JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless.
- JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests
- JDK-8326898: NSK tests should listen on loopback addresses only
- JDK-8326948: Force English locale for timeout formatting
- JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug
- JDK-8327474: Review use of java.io.tmpdir in jdk tests
- JDK-8327924: Simplify TrayIconScalingTest.java
- JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program
- JDK-8328242: Add a log area to the PassFailJFrame
- JDK-8328303: 3 JDI tests timed out with UT enabled
- JDK-8328379: Convert URLDragTest.html applet test to main
- JDK-8328402: Implement pausing functionality for the PassFailJFrame
- JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use
- JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization
- JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket
- JDK-8328957: Update PKCS11Test.java to not use hardcoded path
- JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address
- JDK-8330464: hserr generic events - add entry for the before_exit calls
- JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess
- JDK-8330814: Cleanups for KeepAliveCache tests
- JDK-8331142: Add test for number of loader threads in BasicDirectoryModel
- JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options
- JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS
- JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock
- JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows only
- JDK-8331626: unsafe.cpp:162:38: runtime error in index_oop_from_field_offset_long - applying non-zero offset 4563897424 to null pointer
- JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value 208, which is not a valid value for type 'bool'
- JDK-8331863:
  DUIterator_Fast used before it is constructed
- JDK-8331864: Update Public Suffix List to 1cbd6e7
- JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on Windows in CI
- JDK-8332340: Add JavacBench as a test case for CDS
- JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null
- JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on null pointer of type 'struct Array'
- JDK-8332724: x86 MacroAssembler may over-align code
- JDK-8332777: Update JCStress test suite
- JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled
- JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS
- JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value 171, which is not a valid value for type 'bool'
- JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error: signed integer overflow: 9223372036854775807 - 1 cannot be represented in type 'long int'
- JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched JNINativeInterface tables, check for new entries
- JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature
- JDK-8333824: Unused ClassValue in VarHandles
- JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts
- JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect
- JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test
- JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling
- JDK-8335142:
  compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp
- JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder
- JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile
- JDK-8335428: Enhanced Building of Processes
- JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ...
- JDK-8335493: check_gc_overhead_limit should reset SoftRefPolicy::_should_clear_all_soft_refs
- JDK-8335530: Java file extension missing in AuthenticatorTest
- JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop
- JDK-8335904: Fix invalid comment in ShenandoahLock
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException
- JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name
- JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive
- JDK-8336342: Fix known X11 library locations in sysroot
- JDK-8336343: Add more known sysroot library locations for ALSA
- JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout
- JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result
- JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland
- JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags
- JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS
- JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows
- JDK-8337851: Some tests have name which confuse jtreg
- JDK-8337966: (fs) Files.readAttributes fails with
  Operation not permitted on older docker releases
- JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion
- JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058
- JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList
- JDK-8338286: GHA: Demote x86_32 to hotspot build only
- JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813
- JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2
- JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java
- JDK-8339081: Bump update version for OpenJDK: jdk-17.0.14
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code
- JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of stream occurs
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message
- JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap
- JDK-8339560: Unaddressed comments during code review of JDK-8337664
- JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings
- JDK-8339741: RISC-V: C ABI breakage for integer on stack
- JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8339892: Several security shell tests don't set TESTJAVAOPTS
- JDK-8339931: Update problem list for
  WindowUpdateFocusabilityTest.java
- JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java
- JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout
- JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder
- JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity
- JDK-8340306: Add border around instructions in PassFailJFrame
- JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions
- JDK-8340365: Position the first window of a window list
- JDK-8340387: Update OS detection code to recognize Windows Server 2025
- JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely
- JDK-8340461: Amend description for logArea
- JDK-8340466: Add description for PassFailJFrame constructors
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos
- JDK-8340657: [PPC64] SA determines wrong unextendedSP
- JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage
- JDK-8340785: Update description of PassFailJFrame and samples
- JDK-8340799: Add border inside instruction frame in PassFailJFrame
- JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe
- JDK-8340815: Add SECURITY.md file
- JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows
- JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter
- JDK-8341235: Improve default instruction frame title in PassFailJFrame
- JDK-8341562: RISC-V: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341635: [17u] runtime/ErrorHandling/ClassPathEnvVar test ignores external VM flags
- JDK-8341688: Aarch64: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341806: Gcc version detection failure on Alinux3
- JDK-8341927: Replace hardcoded security providers with new test.provider.name system
  property
- JDK-8341997: Tests create files in src tree instead of scratch dir
- JDK-8342181: Update tests to use stronger Key and Salt size
- JDK-8342183: Update tests to use stronger algorithms and keys
- JDK-8342188: Update tests to use stronger key parameters and certificates
- JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress
- JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing
- JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097
- JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option
- JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes
- JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes
- JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100%
- JDK-8343474: [updates] Customize README.md to specifics of update project
- JDK-8343687: [17u] TestAntiDependencyForPinnedLoads requires UTF-8
- JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927
- JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted
- JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners
- JDK-8347011: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.14

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
  (bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- java-17-openjdk-headless-17.0.14.0-150400.3.51.1 updated
- java-17-openjdk-17.0.14.0-150400.3.51.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 13:57:46 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 14:57:46 +0100 (CET)
Subject: SUSE-CU-2025:589-1: Security update of containers/apache-tomcat
Message-ID: <20250204135746.C151AF78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:589-1
Container Tags        : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.13
Container Release     : 62.13
Severity              : important
Type                  : security
References            : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container containers/apache-tomcat was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
  (bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 13:57:54 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 14:57:54 +0100 (CET)
Subject: SUSE-CU-2025:590-1: Security update of containers/apache-tomcat
Message-ID: <20250204135754.4A09DF78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:590-1
Container Tags        : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.13
Container Release     : 62.13
Severity              : important
Type                  : security
References            : 1236278 1236460 CVE-2022-49043 CVE-2025-21502
-----------------------------------------------------------------

The container containers/apache-tomcat was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:338-1
Released: Mon Feb 3 16:12:41 2025
Summary: Security update for java-11-openjdk
Type: security
Severity: moderate
References: 1236278,CVE-2025-21502

This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU)

Security fixes:

- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

- JDK-8224624: Inefficiencies in CodeStrings::add_comment cause timeouts
- JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java fails on linux-x64
- JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
- JDK-8247706: Unintentional use of new Date(year...)
  with absolute year
- JDK-8299254: Support dealing with standard assert macro
- JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test
- JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
- JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak
- JDK-8328300: Convert PrintDialogsTest.java from Applet to main program
- JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main
- JDK-8334332: TestIOException.java fails if run by root
- JDK-8335428: Enhanced Building of Processes
- JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
- JDK-8340815: Add SECURITY.md file
- JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails
- JDK-8342629: [11u] Properly message out that shenandoah is disabled
- JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a
  use-after-free in xmlXIncludeAddNode. (bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- java-11-openjdk-headless-11.0.26.0-150000.3.122.1 updated
- java-11-openjdk-11.0.26.0-150000.3.122.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 14:11:40 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 15:11:40 +0100 (CET)
Subject: SUSE-CU-2025:590-1: Security update of containers/apache-tomcat
Message-ID: <20250204141140.D49C2F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:590-1
Container Tags        : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.13
Container Release     : 62.13
Severity              : important
Type                  : security
References            : 1236278 1236460 CVE-2022-49043 CVE-2025-21502
-----------------------------------------------------------------

The container containers/apache-tomcat was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:338-1
Released: Mon Feb 3 16:12:41 2025
Summary: Security update for java-11-openjdk
Type: security
Severity: moderate
References: 1236278,CVE-2025-21502

This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU)

Security fixes:

- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

- JDK-8224624: Inefficiencies in CodeStrings::add_comment cause timeouts
- JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java fails on linux-x64
- JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
- JDK-8247706: Unintentional use of new Date(year...)
  with absolute year
- JDK-8299254: Support dealing with standard assert macro
- JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test
- JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
- JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak
- JDK-8328300: Convert PrintDialogsTest.java from Applet to main program
- JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main
- JDK-8334332: TestIOException.java fails if run by root
- JDK-8335428: Enhanced Building of Processes
- JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
- JDK-8340815: Add SECURITY.md file
- JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails
- JDK-8342629: [11u] Properly message out that shenandoah is disabled
- JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a
  use-after-free in xmlXIncludeAddNode. (bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- java-11-openjdk-headless-11.0.26.0-150000.3.122.1 updated
- java-11-openjdk-11.0.26.0-150000.3.122.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 14:11:51 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 15:11:51 +0100 (CET)
Subject: SUSE-CU-2025:591-1: Security update of containers/apache-tomcat
Message-ID: <20250204141151.E0D64F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:591-1
Container Tags        : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.13
Container Release     : 62.13
Severity              : important
Type                  : security
References            : 1236278 1236460 CVE-2022-49043 CVE-2025-21502
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:339-1
Released: Mon Feb 3 16:14:14 2025
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1236278,CVE-2025-21502

This update for java-17-openjdk fixes the following issues:

Update to upstream tag jdk-17.0.14+7 (January 2025 CPU):

Security fixes:

- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

- JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font color
- JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect
- JDK-8071693: Introspector ignores default interface methods
- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8202926: Test java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html fails
- JDK-8207908: JMXStatusTest.java fails assertion intermittently
- JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly.
- JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening'
- JDK-8254759: [TEST_BUG] [macosx] javax/swing/JInternalFrame/4202966/IntFrameCoord.html fails
- JDK-8258734: jdk/jfr/event/oldobject/TestClassLoaderLeak.java failed with 'RuntimeException: Could not find class leak'
- JDK-8268364: jmethod clearing should be done during unloading
- JDK-8269770: nsk tests should start IOPipe channel before launch debuggee - Debugee.prepareDebugee
- JDK-8271003: hs_err improvement: handle CLASSPATH env setting longer than O_BUFLEN
- JDK-8271456: Avoid looking up standard charsets in 'java.desktop' module
- JDK-8271821: mark hotspot runtime/MinimalVM tests which ignore external VM flags
- JDK-8271825: mark hotspot runtime/LoadClass tests which ignore external VM flags
- JDK-8271836: runtime/ErrorHandling/ClassPathEnvVar.java fails with release VMs
- JDK-8272746: ZipFile can't open big file (NegativeArraySizeException)
- JDK-8273914: Indy string concat changes order of operations
- JDK-8274170: Add hooks for custom makefiles to augment jtreg test execution
- JDK-8274505: Too weak variable type leads to unnecessary cast in java.desktop
- JDK-8276763: java/nio/channels/SocketChannel/AdaptorStreams.java fails with 'SocketTimeoutException: Read timed out'
- JDK-8278527: java/util/concurrent/tck/JSR166TestCase.java fails nanoTime test
- JDK-8280131: jcmd reports 'Module jdk.jfr not found.'
  when 'jdk.management.jfr' is missing
- JDK-8281379: Assign package declarations to all jtreg test cases under gc
- JDK-8282578: AIOOBE in javax.sound.sampled.Clip
- JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox
- JDK-8283222: improve diagnosability of runtime/8176717/TestInheritFD.java timeouts
- JDK-8284291: sun/security/krb5/auto/Renew.java fails intermittently on Windows 11
- JDK-8284874: Add comment to ProcessHandle/OnExitTest to describe zombie problem
- JDK-8286160: (fs) Files.exists returns unexpected results with C:\pagefile.sys because it's not readable
- JDK-8287003: InputStreamReader::read() can return zero despite writing a char in the buffer
- JDK-8288976: classfile parser 'wrong name' error message has the names the wrong way around
- JDK-8289184: runtime/ClassUnload/DictionaryDependsTest.java failed with 'Test failed: should be unloaded'
- JDK-8290023: Remove use of IgnoreUnrecognizedVMOptions in gc tests
- JDK-8290269: gc/shenandoah/TestVerifyJCStress.java fails due to invalid tag: required after JDK-8290023
- JDK-8292309: Fix 'java/awt/PrintJob/ConstrainedPrintingTest/ConstrainedPrintingTest.java' test
- JDK-8293061: Combine CDSOptions and AppCDSOptions test utility classes
- JDK-8293877: Rewrite MineField test
- JDK-8294193: Files.createDirectories throws FileAlreadyExistsException for a symbolic link whose target is an existing directory
- JDK-8294726: Update URLs in minefield tests
- JDK-8295239: Refactor java/util/Formatter/Basic script into a Java native test launcher
- JDK-8295344: Harden runtime/StackGuardPages/TestStackGuardPages.java
- JDK-8295859: Update Manual Test Groups
- JDK-8296709: WARNING: JNI call made without checking exceptions
- JDK-8296718: Refactor bootstrap Test Common Functionalities to test/lib/Utils
- JDK-8296787: Unify debug printing format of X.509 cert serial numbers
- JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as
  expected.
- JDK-8298513: vmTestbase/nsk/jdi/EventSet/suspendPolicy/suspendpolicy009/TestDescription.java fails with usage tracker
- JDK-8300416: java.security.MessageDigestSpi clone can result in thread-unsafe clones
- JDK-8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated
- JDK-8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP
- JDK-8303697: ProcessTools doesn't print last line of process output
- JDK-8303705: Field sleeper.started should be volatile JdbLockTestTarg.java
- JDK-8303742: CompletableFuture.orTimeout leaks if the future completes exceptionally
- JDK-8304020: Speed up test/jdk/java/util/zip/ZipFile/TestTooManyEntries.java and clarify its purpose
- JDK-8304557: java/util/concurrent/CompletableFuture/CompletableFutureOrTimeoutExceptionallyTest.java times out
- JDK-8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
- JDK-8307297: Move some DnD tests to open
- JDK-8307408: Some jdk/sun/tools/jhsdb tests don't pass test JVM args to the debuggee JVM
- JDK-8309109: AArch64: [TESTBUG] compiler/intrinsics/sha/cli/TestUseSHA3IntrinsicsOptionOnSupportedCPU.java fails on Neoverse N2 and V1
- JDK-8309303: jdk/internal/misc/VM/RuntimeArguments test ignores jdk/internal/vm/options
- JDK-8309532: java/lang/Class/getDeclaredField/FieldSetAccessibleTest should filter modules that depend on JVMCI
- JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled ComboBox does not match in these LAFs: GTK-
- JDK-8310731: Configure a javax.net.ssl.SNIMatcher for the HTTP/1.1 test servers in java/net/httpclient tests
- JDK-8312111: open/test/jdk/java/awt/Robot/ModifierRobotKey/ModifierRobotKeyTest.java fails on ubuntu 23.04
- JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds
- JDK-8313638: Add test for dump of resolved references
- JDK-8313854: Some tests in serviceability area fail on localized Windows platform
- JDK-8313878: Exclude two
  compiler/rtm/locking tests on ppc64le
- JDK-8314333: Update com/sun/jdi/ProcessAttachTest.java to use ProcessTools.createTestJvm(..)
- JDK-8314824: Fix serviceability/jvmti/8036666/GetObjectLockCount.java to use vm flags
- JDK-8314829: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java ignores vm flags
- JDK-8314831: NMT tests ignore vm flags
- JDK-8315097: Rename createJavaProcessBuilder
- JDK-8315406: [REDO] serviceability/jdwp/AllModulesCommandTest.java ignores VM flags
- JDK-8315988: Parallel: Make TestAggressiveHeap use createTestJvm
- JDK-8316410: GC: Make TestCompressedClassFlags use createTestJvm
- JDK-8316446: 4 sun/management/jdp tests ignore VM flags
- JDK-8316447: 8 sun/management/jmxremote tests ignore VM flags
- JDK-8316464: 3 sun/tools tests ignore VM flags
- JDK-8316562: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java times out after JDK-8314829
- JDK-8316581: Improve performance of Symbol::print_value_on()
- JDK-8317042: G1: Make TestG1ConcMarkStepDurationMillis use createTestJvm
- JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame
- JDK-8317188: G1: Make TestG1ConcRefinementThreads use createTestJvm
- JDK-8317218: G1: Make TestG1HeapRegionSize use createTestJvm
- JDK-8317347: Parallel: Make TestInitialTenuringThreshold use createTestJvm
- JDK-8317738: CodeCacheFullCountTest failed with 'VirtualMachineError: Out of space in CodeCache for method handle intrinsic'
- JDK-8318964: Fix build failures caused by 8315097
- JDK-8319574: Exec/process tests should be marked as flagless
- JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException
- JDK-8319651: Several network tests ignore vm flags when start java process
- JDK-8319817: Charset constructor should make defensive copy of aliases
- JDK-8320586: update manual test/jdk/TEST.groups
- JDK-8320665: update jdk_core at open/test/jdk/TEST.groups
- JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail
buttons; multiple instructions
- JDK-8320675: PrinterJob/SecurityDialogTest.java hangs
- JDK-8321163: [test] OutputAnalyzer.getExitValue() unnecessarily logs even when process has already completed
- JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading
- JDK-8321470: ThreadLocal.nextHashCode can be static final
- JDK-8321543: Update NSS to version 3.96
- JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile
- JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException
- JDK-8322766: Micro bench SSLHandshake should use default algorithms
- JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order
- JDK-8322830: Add test case for ZipFile opening a ZIP with no entries
- JDK-8323562: SaslInputStream.read() may return wrong value
- JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop()
- JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions close set 3
- JDK-8324841: PKCS11 tests still skip execution
- JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages
- JDK-8325525: Create jtreg test case for JDK-8325203
- JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM
- JDK-8325610: CTW: Add StressIncrementalInlining to stress options
- JDK-8325616: JFR ZGC Allocation Stall events should record stack traces
- JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java
- JDK-8325851: Hide PassFailJFrame.Builder constructor
- JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut
- JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless.
- JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests
- JDK-8326898: NSK tests should listen on loopback addresses only
- JDK-8326948: Force English locale for timeout formatting
- JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug
- JDK-8327474: Review use of java.io.tmpdir in jdk tests
- JDK-8327924: Simplify TrayIconScalingTest.java
- JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program
- JDK-8328242: Add a log area to the PassFailJFrame
- JDK-8328303: 3 JDI tests timed out with UT enabled
- JDK-8328379: Convert URLDragTest.html applet test to main
- JDK-8328402: Implement pausing functionality for the PassFailJFrame
- JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use
- JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization
- JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket
- JDK-8328957: Update PKCS11Test.java to not use hardcoded path
- JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address
- JDK-8330464: hserr generic events - add entry for the before_exit calls
- JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess
- JDK-8330814: Cleanups for KeepAliveCache tests
- JDK-8331142: Add test for number of loader threads in BasicDirectoryModel
- JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options
- JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS
- JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock
- JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows only
- JDK-8331626: unsafe.cpp:162:38: runtime error in index_oop_from_field_offset_long - applying non-zero offset 4563897424 to null pointer
- JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value 208, which is not a valid value for type 'bool'
- JDK-8331863:
DUIterator_Fast used before it is constructed
- JDK-8331864: Update Public Suffix List to 1cbd6e7
- JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on Windows in CI
- JDK-8332340: Add JavacBench as a test case for CDS
- JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null
- JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on null pointer of type 'struct Array'
- JDK-8332724: x86 MacroAssembler may over-align code
- JDK-8332777: Update JCStress test suite
- JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled
- JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS
- JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value 171, which is not a valid value for type 'bool'
- JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error: signed integer overflow: 9223372036854775807 - 1 cannot be represented in type 'long int'
- JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched JNINativeInterface tables, check for new entries
- JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature
- JDK-8333824: Unused ClassValue in VarHandles
- JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts
- JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect
- JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test
- JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling
- JDK-8335142:
compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp
- JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder
- JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile
- JDK-8335428: Enhanced Building of Processes
- JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ...
- JDK-8335493: check_gc_overhead_limit should reset SoftRefPolicy::_should_clear_all_soft_refs
- JDK-8335530: Java file extension missing in AuthenticatorTest
- JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop
- JDK-8335904: Fix invalid comment in ShenandoahLock
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException
- JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name
- JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive
- JDK-8336342: Fix known X11 library locations in sysroot
- JDK-8336343: Add more known sysroot library locations for ALSA
- JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout
- JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result
- JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland
- JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags
- JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS
- JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows
- JDK-8337851: Some tests have name which confuse jtreg
- JDK-8337966: (fs) Files.readAttributes fails with
Operation not permitted on older docker releases
- JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion
- JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058
- JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList
- JDK-8338286: GHA: Demote x86_32 to hotspot build only
- JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813
- JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2
- JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java
- JDK-8339081: Bump update version for OpenJDK: jdk-17.0.14
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code
- JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of stream occurs
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message
- JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap
- JDK-8339560: Unaddressed comments during code review of JDK-8337664
- JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings
- JDK-8339741: RISC-V: C ABI breakage for integer on stack
- JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8339892: Several security shell tests don't set TESTJAVAOPTS
- JDK-8339931: Update problem list for
WindowUpdateFocusabilityTest.java
- JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java
- JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout
- JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder
- JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity
- JDK-8340306: Add border around instructions in PassFailJFrame
- JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions
- JDK-8340365: Position the first window of a window list
- JDK-8340387: Update OS detection code to recognize Windows Server 2025
- JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely
- JDK-8340461: Amend description for logArea
- JDK-8340466: Add description for PassFailJFrame constructors
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos
- JDK-8340657: [PPC64] SA determines wrong unextendedSP
- JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage
- JDK-8340785: Update description of PassFailJFrame and samples
- JDK-8340799: Add border inside instruction frame in PassFailJFrame
- JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe
- JDK-8340815: Add SECURITY.md file
- JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows
- JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter
- JDK-8341235: Improve default instruction frame title in PassFailJFrame
- JDK-8341562: RISC-V: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341635: [17u] runtime/ErrorHandling/ClassPathEnvVar test ignores external VM flags
- JDK-8341688: Aarch64: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341806: Gcc version detection failure on Alinux3
- JDK-8341927: Replace hardcoded security providers with new test.provider.name system
property
- JDK-8341997: Tests create files in src tree instead of scratch dir
- JDK-8342181: Update tests to use stronger Key and Salt size
- JDK-8342183: Update tests to use stronger algorithms and keys
- JDK-8342188: Update tests to use stronger key parameters and certificates
- JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress
- JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing
- JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097
- JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option
- JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes
- JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes
- JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100%
- JDK-8343474: [updates] Customize README.md to specifics of update project
- JDK-8343687: [17u] TestAntiDependencyForPinnedLoads requires UTF-8
- JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927
- JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted
- JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners
- JDK-8347011: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.14

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- java-17-openjdk-headless-17.0.14.0-150400.3.51.1 updated
- java-17-openjdk-17.0.14.0-150400.3.51.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 14:12:03 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 15:12:03 +0100 (CET)
Subject: SUSE-CU-2025:592-1: Security update of containers/apache-tomcat
Message-ID: <20250204141203.22428F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:592-1
Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.13
Container Release : 62.13
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container containers/apache-tomcat was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 14:12:12 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 15:12:12 +0100 (CET)
Subject: SUSE-CU-2025:593-1: Security update of containers/apache-tomcat
Message-ID: <20250204141212.6A994F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:593-1
Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.13
Container Release : 62.13
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container containers/apache-tomcat was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated

From sle-container-updates at lists.suse.com Tue Feb 4 14:12:42 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 4 Feb 2025 15:12:42 +0100 (CET)
Subject: SUSE-CU-2025:594-1: Security update of suse/sle15
Message-ID: <20250204141242.6654DF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:594-1
Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.1 , suse/sle15:15.6 , suse/sle15:15.6.47.20.1
Container Release : 47.20.1
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- system-user-nobody-20170617-150400.24.2.1 added

From sle-container-updates at lists.suse.com Wed Feb 5 08:02:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 5 Feb 2025 09:02:43 +0100 (CET)
Subject: SUSE-CU-2025:596-1: Security update of containers/milvus
Message-ID: <20250205080243.C6053F787@maintenance.suse.de>

SUSE Container Update Advisory: containers/milvus
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:596-1
Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.23
Container Release : 7.23
Severity : moderate
Type : security
References : 1095184 1183703
-----------------------------------------------------------------

The container containers/milvus was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:357-1
Released: Tue Feb 4 15:21:55 2025
Summary: Security update for etcd
Type: security
Severity: moderate
References: 1095184,1183703

This update for etcd fixes the following issues:

Security Update to version 3.5.18:

* Ensure all goroutines created by StartEtcd to exit before closing the errc
* mvcc: restore tombstone index if it's first revision
* Bump go toolchain to 1.22.11
* Avoid deadlock in etcd.Close when stopping during bootstrapping
* etcdutl/etcdutl: use datadir package to build wal/snapdir
* Remove duplicated <-s.ReadyNotify()
* Do not wait for ready notify if the server is stopping
* Fix mixVersion test case: ensure a snapshot to be sent out
* *: support custom content check offline in v2store
* Print warning message for deprecated flags if set
* fix runtime error: comparing uncomparable type
* add tls min/max version to grpc proxy

- Fixing a configuration data loss bug: Fillup really
really wants that the template and the target file actually follow the sysconfig format. The current config and the current template do not fulfill this requirement. Move the current /etc/sysconfig/etcd to /etc/default/etcd and install a new sysconfig file which only adds the ETCD_OPTIONS option, which is actually used by the unit file. This also makes it a bit cleaner to move etcd to use --config-file in the long run.
- Update etcd configuration file based on https://github.com/etcd-io/etcd/blob/v3.5.17/etcd.conf.yml.sample

Update to version 3.5.17:

* fix(defrag): close temp file in case of error
* Bump go toolchain to 1.22.9
* fix(defrag): handle defragdb failure
* fix(defrag): handle no space left error
* [3.5] Fix risk of a partial write txn being applied
* [serverWatchStream] terminate recvLoop on sws.close()

Update to version 3.5.16:

* Bump go toolchain to 1.22.7
* Introduce compaction sleep interval flag
* Fix passing default grpc call options in Kubernetes client
* Skip leadership check if the etcd instance is active processing heartbeats
* Introduce Kubernetes KV interface to etcd client

Update to version 3.5.15:

* Differentiate the warning message for rejected client and peer
* connections
* Suppress noisy basic auth token deletion log
* Support multiple values for allowed client and peer TLS identities(#18015)
* print error log when validation on conf change failed

Update to version 3.5.14:

* etcdutl: Fix snapshot restore memory alloc issue
* server: Implement WithMmapSize option for backend config
* gRPC health server sets serving status to NOT_SERVING on defrag
* server/mvcc: introduce compactBeforeSetFinishedCompact failpoint
* Update the compaction log when bootstrap and update compact's signature
* add experimental-snapshot-catchup-entries flag.
* Fix retry requests when receiving ErrGPRCNotSupportedForLearner

Update to version 3.5.13:

* Fix progress notification for watch that doesn't get any events
* pkg/types: Support Unix sockets in NewURLS
* added arguments to the grpc-proxy: dial-keepalive-time, dial-keepalive-timeout, permit-without-stream
* server: fix comment to match function name
* Make CGO_ENABLED configurable for etcd 3.5
* etcdserver: drain leaky goroutines before test completed

The following package changes have been done:

- etcd-3.5.18-150000.7.9.1 updated

From sle-container-updates at lists.suse.com Wed Feb 5 08:03:38 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 5 Feb 2025 09:03:38 +0100 (CET)
Subject: SUSE-CU-2025:597-1: Security update of containers/open-webui
Message-ID: <20250205080338.33818F787@maintenance.suse.de>

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:597-1
Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.13
Container Release : 7.13
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container containers/open-webui was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- container:registry.suse.com-bci-bci-base-15.6-de765b8fe0cc6d4d83c9a128523266e1a815ac8f35f3145d60ca82b9b3d4ca70-0 updated

From sle-container-updates at lists.suse.com Wed Feb 5 08:12:22 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 5 Feb 2025 09:12:22 +0100 (CET)
Subject: SUSE-CU-2025:613-1: Security update of suse/nginx
Message-ID: <20250205081222.5B63EF787@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:613-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.13 , suse/nginx:latest
Container Release : 51.13
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container suse/nginx was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- container:registry.suse.com-bci-bci-base-15.6-de765b8fe0cc6d4d83c9a128523266e1a815ac8f35f3145d60ca82b9b3d4ca70-0 updated

From sle-container-updates at lists.suse.com Wed Feb 5 08:13:49 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 5 Feb 2025 09:13:49 +0100 (CET)
Subject: SUSE-CU-2025:616-1: Security update of bci/php
Message-ID: <20250205081349.D093CF787@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:616-1
Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.12 , bci/php:latest
Container Release : 48.12
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container bci/php was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- container:registry.suse.com-bci-bci-base-15.6-de765b8fe0cc6d4d83c9a128523266e1a815ac8f35f3145d60ca82b9b3d4ca70-0 updated

From sle-container-updates at lists.suse.com Wed Feb 5 08:15:40 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 5 Feb 2025 09:15:40 +0100 (CET)
Subject: SUSE-CU-2025:618-1: Security update of bci/bci-sle15-kernel-module-devel
Message-ID: <20250205081540.BF2E6F787@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:618-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.31.3 , bci/bci-sle15-kernel-module-devel:latest
Container Release : 31.3
Severity : important
Type : security
References : 1236460 CVE-2022-49043
-----------------------------------------------------------------

The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460)

The following package changes have been done:

- libxml2-2-2.10.3-150500.5.20.1 updated
- container:registry.suse.com-bci-bci-base-15.6-de765b8fe0cc6d4d83c9a128523266e1a815ac8f35f3145d60ca82b9b3d4ca70-0 updated

From sle-container-updates at lists.suse.com Wed Feb 5 08:16:54 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 5 Feb 2025 09:16:54 +0100 (CET)
Subject: SUSE-CU-2025:622-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20250205081654.E8EFBF787@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:622-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.21 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.60.21
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:349-1
Released: Tue Feb 4 09:34:30 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.78.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.78.1 updated
- container:sles15-ltss-image-15.4.0-2.18 updated

From sle-container-updates at lists.suse.com Wed Feb 5 08:17:36 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 5 Feb 2025 09:17:36 +0100 (CET)
Subject: SUSE-CU-2025:623-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20250205081736.EF5A4F787@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:623-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.23 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.50.23
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:349-1
Released: Tue Feb 4 09:34:30 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.78.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.78.1 updated
- openssl-1_1-1.1.1l-150400.7.78.1 updated
- container:sles15-ltss-image-15.4.0-2.18 updated

From sle-container-updates at lists.suse.com Wed Feb 5 08:18:14 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 5 Feb 2025 09:18:14 +0100 (CET)
Subject: SUSE-CU-2025:624-1: Security update of suse/manager/4.3/proxy-squid
Message-ID: <20250205081814.E6C06F787@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:624-1
Container Tags : suse/manager/4.3/proxy-squid:4.3.14 , suse/manager/4.3/proxy-squid:4.3.14.9.59.12 , suse/manager/4.3/proxy-squid:latest
Container Release : 9.59.12
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-squid was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:349-1
Released: Tue Feb 4 09:34:30 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)

The following package changes have been done:

- libopenssl1_1-1.1.1l-150400.7.78.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.78.1 updated
- container:sles15-ltss-image-15.4.0-2.18 updated

From sle-container-updates at lists.suse.com Wed Feb 5 08:18:56 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 5 Feb 2025 09:18:56 +0100 (CET)
Subject: SUSE-CU-2025:625-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20250205081856.B84EBF787@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:625-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.14 , suse/manager/4.3/proxy-ssh:4.3.14.9.50.13 , suse/manager/4.3/proxy-ssh:latest
Container Release : 9.50.13
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-ssh was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:349-1 Released: Tue Feb 4 09:34:30 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.78.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.78.1 updated - container:sles15-ltss-image-15.4.0-2.18 updated From sle-container-updates at lists.suse.com Wed Feb 5 08:19:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Feb 2025 09:19:38 +0100 (CET) Subject: SUSE-CU-2025:626-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250205081938.0ADF3F787@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:626-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.14 , suse/manager/4.3/proxy-tftpd:4.3.14.9.50.13 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.50.13 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:349-1 Released: Tue Feb 4 09:34:30 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.78.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.78.1 updated - openssl-1_1-1.1.1l-150400.7.78.1 updated - container:sles15-ltss-image-15.4.0-2.18 updated From sle-container-updates at lists.suse.com Wed Feb 5 08:20:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Feb 2025 09:20:56 +0100 (CET) Subject: SUSE-CU-2025:627-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250205082056.449C7F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:627-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.71 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.71 Severity : moderate Type : security References : 1226463 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:356-1 Released: Tue Feb 4 14:33:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.100.1 updated - libopenssl1_1-1.1.1d-150200.11.100.1 updated - openssl-1_1-1.1.1d-150200.11.100.1 updated From sle-container-updates at lists.suse.com Wed Feb 5 08:24:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 5 Feb 2025 09:24:28 +0100 (CET) Subject: SUSE-CU-2025:629-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250205082428.CB7A8F787@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:629-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.73 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.73 Severity : moderate Type : security References : 1226463 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:356-1 Released: Tue Feb 4 14:33:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.100.1 updated - libopenssl1_1-1.1.1d-150200.11.100.1 updated - openssl-1_1-1.1.1d-150200.11.100.1 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:02:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:02:44 +0100 (CET) Subject: SUSE-CU-2025:630-1: Security update of containers/milvus Message-ID: <20250206080244.C8309F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:630-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.26 Container Release : 7.26 Severity : moderate Type : security References : 1235873 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. 
* permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. [bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libgfortran4-7.5.0+r278197-150000.4.44.1 updated - libprotobuf25_5_0-25.5-150600.2.25 updated - permissions-20240826-150600.10.15.2 updated - libcurl4-8.6.0-150600.4.21.1 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:03:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:03:58 +0100 (CET) Subject: SUSE-CU-2025:631-1: Recommended update of containers/ollama Message-ID: <20250206080358.330EDF78D@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:631-1 Container Tags : containers/ollama:0.3 , containers/ollama:0.3.14 , containers/ollama:0.3.14-5.8 Container Release : 5.8 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container containers/ollama was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). The following package changes have been done: - permissions-20240826-150600.10.15.2 updated - ollama-nvidia-0.3.14-150600.1.4 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:05:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:05:05 +0100 (CET) Subject: SUSE-CU-2025:632-1: Security update of containers/open-webui Message-ID: <20250206080505.72995F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:632-1 Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.16 Container Release : 7.16 Severity : moderate Type : security References : 1235873 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container containers/open-webui was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. 
[bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - libprotobuf25_5_0-25.5-150600.2.25 updated - libgfortran4-7.5.0+r278197-150000.4.44.1 updated - python311-protobuf-4.25.5-150600.2.25 updated - python311-certifi-2024.7.4-150600.1.13 updated - python311-cchardet-2.1.19-150600.1.10 updated - python311-numpy1-1.26.4-150600.1.12 updated - python311-scipy-1.14.1-150600.1.8 updated - python311-pandas-2.2.3-150600.1.14 updated - python311-scikit-learn-1.5.1-150600.1.9 updated - python311-open-webui-0.3.32-150600.1.42 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:06:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:06:01 +0100 (CET) Subject: SUSE-IU-2025:530-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250206080601.AD48FF78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:530-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.141 , suse/sle-micro/base-5.5:latest Image Release : 5.8.141 Severity : moderate Type : security References : 1216091 1229106 1232458 1234752 1235636 1236588 1236590 CVE-2025-0167 CVE-2025-0725 
----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:362-1 Released: Wed Feb 5 11:01:18 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition, libzypp supports enforcing that downloaded packages of all repos are kept within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo.
- Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.0.1-150400.5.62.1 updated - curl-8.0.1-150400.5.62.1 updated - libzypp-17.35.19-150500.6.36.1 updated - zypper-1.14.81-150500.6.20.1 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:06:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:06:31 +0100 (CET) Subject: SUSE-IU-2025:531-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250206080631.AF677F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:531-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.273 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.273 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.0.1-150400.5.62.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.141 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:07:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:07:16 +0100 (CET) Subject: SUSE-IU-2025:533-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250206080716.4AE17F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:533-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.310 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.310 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.0.1-150400.5.62.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.236 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:08:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:08:11 +0100 (CET) Subject: SUSE-IU-2025:534-1: Security update of suse/sle-micro/5.5 Message-ID: <20250206080811.787DFF78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:534-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.236 , suse/sle-micro/5.5:latest Image Release : 5.5.236 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.0.1-150400.5.62.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.141 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:14:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:14:57 +0100 (CET) Subject: SUSE-CU-2025:635-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250206081457.8BFCDF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:635-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.35 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.35 , suse/ltss/sle15.3/sle15:latest Container Release : 2.35 Severity : moderate Type : security References : 1226463 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:356-1 Released: Tue Feb 4 14:33:32 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.100.1 updated - libopenssl1_1-1.1.1d-150200.11.100.1 updated - openssl-1_1-1.1.1d-150200.11.100.1 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:18:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:18:41 +0100 (CET) Subject: SUSE-CU-2025:636-1: Recommended update of suse/389-ds Message-ID: <20250206081841.74416F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:636-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-51.4 , suse/389-ds:latest Container Release : 51.4 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. 
* permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). The following package changes have been done: - permissions-20240826-150600.10.15.2 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:20:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:20:04 +0100 (CET) Subject: SUSE-CU-2025:640-1: Recommended update of suse/registry Message-ID: <20250206082004.3A512F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:640-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-33.7 , suse/registry:latest Container Release : 33.7 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:21:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:21:38 +0100 (CET) Subject: SUSE-CU-2025:646-1: Security update of bci/gcc Message-ID: <20250206082138.D4D43F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:646-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.14 , bci/gcc:latest Container Release : 8.14 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-8.6.0-150600.4.21.1 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:22:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:22:02 +0100 (CET) Subject: SUSE-CU-2025:648-1: Security update of suse/git Message-ID: <20250206082202.C6445F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:648-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-36.3 , suse/git:latest 
Container Release : 36.3 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:22:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:22:23 +0100 (CET) Subject: SUSE-CU-2025:649-1: Security update of bci/golang Message-ID: <20250206082223.21BF7F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:649-1 Container Tags : bci/golang:1.22 , bci/golang:1.22.11 , bci/golang:1.22.11-2.48.17 , bci/golang:oldstable , bci/golang:oldstable-2.48.17 Container Release : 48.17 Severity : moderate Type : security References : 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. [bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - curl-8.6.0-150600.4.21.1 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:22:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:22:57 +0100 (CET) Subject: SUSE-CU-2025:651-1: Security update of bci/golang Message-ID: <20250206082257.DBAB8F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:651-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.17 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.17 Container Release : 55.17 Severity : moderate 
Type : security References : 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. [bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - curl-8.6.0-150600.4.21.1 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:23:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:23:31 +0100 (CET) Subject: SUSE-CU-2025:652-1: Security update of bci/golang Message-ID: <20250206082331.024AFF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:652-1 Container Tags : bci/golang:1.23 
, bci/golang:1.23.5 , bci/golang:1.23.5-1.48.17 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.48.17 Container Release : 48.17 Severity : moderate Type : security References : 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. [bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - curl-8.6.0-150600.4.21.1 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:24:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:24:02 +0100 (CET) Subject: SUSE-CU-2025:653-1: Security update of bci/golang Message-ID: <20250206082402.A07F4F78D@maintenance.suse.de> SUSE Container Update 
Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:653-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.16 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.16 Container Release : 55.16 Severity : moderate Type : security References : 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. [bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - curl-8.6.0-150600.4.21.1 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:24:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at 
lists.suse.com) Date: Thu, 6 Feb 2025 09:24:32 +0100 (CET) Subject: SUSE-CU-2025:655-1: Recommended update of bci/bci-init Message-ID: <20250206082432.12C3AF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:655-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.30.14 , bci/bci-init:latest Container Release : 30.14 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:25:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:25:03 +0100 (CET) Subject: SUSE-CU-2025:656-1: Security update of bci/kiwi Message-ID: <20250206082503.7D5A1F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:656-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.25 , bci/kiwi:latest Container Release : 20.25 Severity : moderate Type : security References : 1216091 1229106 1232458 1234752 1235636 1235873 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:363-1 Released: Wed Feb 5 11:01:45 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. - Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. 
[bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - libzypp-17.35.19-150600.3.44.1 updated - zypper-1.14.81-150600.10.22.1 updated - curl-8.6.0-150600.4.21.1 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.44.1 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:25:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:25:28 +0100 (CET) Subject: SUSE-CU-2025:657-1: Recommended update of suse/nginx Message-ID: <20250206082528.7E39BF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:657-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.15 , suse/nginx:latest Container Release : 51.15 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/nginx was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). The following package changes have been done: - permissions-20240826-150600.10.15.2 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:26:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:26:04 +0100 (CET) Subject: SUSE-CU-2025:658-1: Security update of bci/nodejs Message-ID: <20250206082604.38F37F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:658-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.17 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.17 , bci/nodejs:latest Container Release : 48.17 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-8.6.0-150600.4.21.1 updated - container:registry.suse.com-bci-bci-base-15.6-de765b8fe0cc6d4d83c9a128523266e1a815ac8f35f3145d60ca82b9b3d4ca70-0 updated From sle-container-updates at lists.suse.com Thu Feb 6 08:26:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 6 Feb 2025 09:26:05 +0100 (CET) Subject: SUSE-CU-2025:659-1: Recommended update of bci/nodejs Message-ID: <20250206082605.46F24F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:659-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.18 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.18 , bci/nodejs:latest Container Release : 48.18 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. 
* permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:05:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:05:48 +0100 (CET) Subject: SUSE-CU-2025:662-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250207080548.95C87F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:662-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.81 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.81 Severity : moderate Type : security References : 1216091 1229106 1232458 1234752 1235636 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:361-1 Released: Wed Feb 5 11:00:36 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container (bsc#1229106) Should apply to lxc and lxd containers as well - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: Show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. 
Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo - Refresh: restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-8.0.1-150400.5.62.1 updated - libcurl4-8.0.1-150400.5.62.1 updated - libzypp-17.35.19-150400.3.110.1 updated - zypper-1.14.81-150400.3.73.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:06:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:06:57 +0100 (CET) Subject: SUSE-CU-2025:663-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250207080657.23C64F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:663-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.81 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.81 Severity : moderate Type : security References : 1216091 1229106 1232458 1234752 1235636 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:361-1 Released: Wed Feb 5 11:00:36 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container (bsc#1229106) Should apply to lxc and lxd containers as well - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: Show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. 
Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo - Refresh: restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-8.0.1-150400.5.62.1 updated - libcurl4-8.0.1-150400.5.62.1 updated - libzypp-17.35.19-150400.3.110.1 updated - zypper-1.14.81-150400.3.73.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:09:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:09:18 +0100 (CET) Subject: SUSE-CU-2025:665-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250207080918.C106EF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:665-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.9 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.9 , suse/ltss/sle15.5/sle15:latest Container Release : 4.9 Severity : moderate Type : security References : 1216091 1229106 1232458 1234752 1235636 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:362-1 Released: Wed Feb 5 11:01:18 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. 
- Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-8.0.1-150400.5.62.1 updated - libcurl4-8.0.1-150400.5.62.1 updated - libzypp-17.35.19-150500.6.36.1 updated - zypper-1.14.81-150500.6.20.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:09:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:09:39 +0100 (CET) Subject: SUSE-CU-2025:666-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250207080939.B0AABF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:666-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.95 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.95 Severity : moderate Type : security References : 1216091 1229106 1232458 1234752 1235636 1235873 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:363-1 Released: Wed Feb 5 11:01:45 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. 
Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. - Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-8.6.0-150600.4.21.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - libzypp-17.35.19-150600.3.44.1 updated - permissions-20240826-150600.10.15.2 updated - zypper-1.14.81-150600.10.22.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:10:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:10:01 +0100 (CET) Subject: SUSE-CU-2025:659-1: Recommended update of bci/nodejs Message-ID: <20250207081001.D3E0EF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:659-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.18 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.18 , bci/nodejs:latest Container Release : 48.18 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:10:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:10:03 +0100 (CET) Subject: SUSE-CU-2025:668-1: Security update of bci/nodejs Message-ID: <20250207081003.CCAE5F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:668-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.6 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.6 Container Release : 31.6 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-8.6.0-150600.4.21.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:10:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:10:04 +0100 (CET) Subject: SUSE-CU-2025:669-1: Recommended update of bci/nodejs Message-ID: <20250207081004.8661FF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:669-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.7 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.7 Container Release : 31.7 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. 
* permissions: remove unnecessary static dirs and devices (bsc#1235873). The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:10:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:10:34 +0100 (CET) Subject: SUSE-CU-2025:670-1: Recommended update of bci/openjdk-devel Message-ID: <20250207081034.19EBFF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:670-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-32.19 , bci/openjdk-devel:latest Container Release : 32.19 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated - container:bci-openjdk-21-13d9fcd14b6babc18fe1b5a24853eee62fe88723e28233bc4bfe846e1fc1644d-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:11:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:11:02 +0100 (CET) Subject: SUSE-CU-2025:671-1: Security update of bci/openjdk Message-ID: <20250207081102.44A1FF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:671-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-32.16 , bci/openjdk:latest Container Release : 32.16 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - curl-8.6.0-150600.4.21.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:11:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:11:19 +0100 (CET) Subject: SUSE-CU-2025:672-1: Security update of suse/pcp Message-ID: 
<20250207081119.E24FCF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:672-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.15 , suse/pcp:latest Container Release : 42.15 Severity : important Type : security References : 1236267 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. 
[bsc#1236267] The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - container:bci-bci-init-15.6-8ab3f94837947769d40d03a24a393dddecabbdb073c11d4baa94bd7ab9d53b56-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:11:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:11:20 +0100 (CET) Subject: SUSE-CU-2025:673-1: Recommended update of suse/pcp Message-ID: <20250207081120.9BA66F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:673-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.17 , suse/pcp:latest Container Release : 42.17 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated - container:bci-bci-init-15.6-05acf9be22a359b0596109b8d8498506d86f629e1e89ad7cdadabde0ad3ac199-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:11:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:11:43 +0100 (CET) Subject: SUSE-CU-2025:674-1: Security update of bci/php-apache Message-ID: <20250207081143.A443BF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:674-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.16 , bci/php-apache:latest Container Release : 48.16 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated - container:registry.suse.com-bci-bci-base-15.6-de765b8fe0cc6d4d83c9a128523266e1a815ac8f35f3145d60ca82b9b3d4ca70-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:11:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:11:44 +0100 (CET) Subject: SUSE-CU-2025:675-1: Security update of bci/php-apache Message-ID: <20250207081144.697ABF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:675-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.18 , bci/php-apache:latest Container Release : 48.18 Severity : moderate Type : security References : 1235873 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:12:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:12:05 +0100 (CET) Subject: SUSE-CU-2025:676-1: Security update of bci/php-fpm Message-ID: <20250207081205.6E0BCF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:676-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.15 , bci/php-fpm:latest Container Release : 48.15 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated - container:registry.suse.com-bci-bci-base-15.6-de765b8fe0cc6d4d83c9a128523266e1a815ac8f35f3145d60ca82b9b3d4ca70-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:12:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:12:06 +0100 (CET) Subject: SUSE-CU-2025:677-1: Security update of bci/php-fpm Message-ID: <20250207081206.0EE22F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:677-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.17 , bci/php-fpm:latest Container Release : 48.17 Severity : moderate Type : security References : 1235873 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:12:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:12:24 +0100 (CET) Subject: SUSE-CU-2025:678-1: Security update of bci/php Message-ID: <20250207081224.F1736F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:678-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.14 , bci/php:latest Container Release : 48.14 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:12:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:12:43 +0100 (CET) Subject: SUSE-CU-2025:679-1: Recommended update of suse/postgres Message-ID: <20250207081243.6DB1AF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:679-1 Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-58.4 Container Release : 58.4 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. 
* permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:12:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:12:48 +0100 (CET) Subject: SUSE-CU-2025:680-1: Recommended update of suse/postgres Message-ID: <20250207081248.511F2F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:680-1 Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-39.4 , suse/postgres:latest Container Release : 39.4 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:13:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:13:20 +0100 (CET) Subject: SUSE-CU-2025:681-1: Security update of bci/python Message-ID: <20250207081320.E00EDF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:681-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.10 , bci/python:3.11.10-61.15 Container Release : 61.15 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - curl-8.6.0-150600.4.21.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:13:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:13:35 +0100 (CET) Subject: SUSE-CU-2025:682-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20250207081335.C7D79F78D@maintenance.suse.de> SUSE Container Update Advisory: 
suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:682-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-54.11 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11.9 , suse/rmt-mariadb-client:10.11.9-54.11 , suse/rmt-mariadb-client:latest Container Release : 54.11 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 08:13:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 09:13:53 +0100 (CET) Subject: SUSE-CU-2025:683-1: Recommended update of suse/rmt-mariadb Message-ID: <20250207081353.C9362F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:683-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-60.13 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-60.13 , suse/rmt-mariadb:latest Container Release : 60.13 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:52:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:52:39 +0100 (CET) Subject: SUSE-IU-2025:536-1: Security update of suse/sle-micro/5.5 Message-ID: <20250207125239.4F9FCF78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:536-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.237 , suse/sle-micro/5.5:latest Image Release : 5.5.237 Severity : important Type : security References : 1236270 CVE-2024-11218 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:382-1 Released: Fri Feb 7 09:43:57 2025 Summary: Security update for podman Type: security Severity: important References: 1236270,CVE-2024-11218 This update for podman fixes the following issues: - CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. 
(bsc#1236270) The following package changes have been done: - podman-4.9.5-150500.3.31.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:56:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:56:06 +0100 (CET) Subject: SUSE-CU-2025:683-1: Recommended update of suse/rmt-mariadb Message-ID: <20250207125606.9C004F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:683-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-60.13 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-60.13 , suse/rmt-mariadb:latest Container Release : 60.13 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:56:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:56:19 +0100 (CET) Subject: SUSE-CU-2025:686-1: Security update of suse/rmt-server Message-ID: <20250207125619.8E32AF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:686-1 Container Tags : suse/rmt-server:2.20 , suse/rmt-server:2.20-56.14 , suse/rmt-server:latest Container Release : 56.14 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated - container:registry.suse.com-bci-bci-base-15.6-de765b8fe0cc6d4d83c9a128523266e1a815ac8f35f3145d60ca82b9b3d4ca70-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:56:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:56:20 +0100 (CET) Subject: SUSE-CU-2025:687-1: Recommended update of suse/rmt-server Message-ID: <20250207125620.598F2F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:687-1 Container Tags : suse/rmt-server:2.20 , suse/rmt-server:2.20-56.15 , suse/rmt-server:latest Container Release : 56.15 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:56:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:56:44 +0100 (CET) Subject: SUSE-CU-2025:688-1: Security update of bci/ruby Message-ID: <20250207125644.EB77CF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:688-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.18 , bci/ruby:latest Container Release : 31.18 Severity : moderate Type : security References : 1235873 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. [bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - curl-8.6.0-150600.4.21.1 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.44.1 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - gcc7-c++-7.5.0+r278197-150000.4.44.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:57:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:57:06 +0100 (CET) Subject: SUSE-CU-2025:690-1: Security update of bci/rust Message-ID: <20250207125706.87062F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:690-1 Container Tags : bci/rust:1.82 , bci/rust:1.82.0 , bci/rust:1.82.0-2.2.13 , bci/rust:oldstable , bci/rust:oldstable-2.2.13 
Container Release : 2.13 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:57:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:57:27 +0100 (CET) Subject: SUSE-CU-2025:692-1: Security update of bci/rust Message-ID: <20250207125727.5474EF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:692-1 Container Tags : bci/rust:1.83 , bci/rust:1.83.0 , bci/rust:1.83.0-1.2.13 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.13 Container Release : 2.13 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:57:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:57:36 +0100 (CET) Subject: SUSE-CU-2025:693-1: Recommended update of containers/apache-tomcat Message-ID: <20250207125736.08A65F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:693-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.15 Container Release : 62.15 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. 
* permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:57:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:57:47 +0100 (CET) Subject: SUSE-CU-2025:694-1: Recommended update of containers/apache-tomcat Message-ID: <20250207125747.A2FBFF78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:694-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.15 Container Release : 62.15 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:57:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:57:59 +0100 (CET) Subject: SUSE-CU-2025:695-1: Recommended update of containers/apache-tomcat Message-ID: <20250207125759.2A6E4F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:695-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.15 Container Release : 62.15 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:58:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:58:07 +0100 (CET) Subject: SUSE-CU-2025:696-1: Recommended update of containers/apache-tomcat Message-ID: <20250207125807.09781F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:696-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.15 Container Release : 62.15 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:58:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:58:16 +0100 (CET) Subject: SUSE-CU-2025:697-1: Recommended update of containers/apache-tomcat Message-ID: <20250207125816.F06C4F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:697-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.15 Container Release : 62.15 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:58:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:58:25 +0100 (CET) Subject: SUSE-CU-2025:698-1: Recommended update of containers/apache-tomcat Message-ID: <20250207125825.361F7F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:698-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.15 Container Release : 62.15 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:58:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:58:31 +0100 (CET) Subject: SUSE-CU-2025:699-1: Recommended update of containers/apache-tomcat Message-ID: <20250207125831.B2118F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:699-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.15 Container Release : 62.15 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
The following package changes have been done: - permissions-20240826-150600.10.15.2 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:59:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:59:07 +0100 (CET) Subject: SUSE-CU-2025:700-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250207125907.53310F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:700-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.31.7 , bci/bci-sle15-kernel-module-devel:latest Container Release : 31.7 Severity : moderate Type : security References : 1235873 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. [bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:59:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:59:28 +0100 (CET) Subject: SUSE-CU-2025:701-1: Security update of suse/sle15 Message-ID: <20250207125928.DCBC2F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:701-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.4 , suse/sle15:15.6 , suse/sle15:15.6.47.20.4 Container Release : 47.20.4 Severity : moderate Type : security References : 1216091 1229106 1232458 1234752 1235636 1235873 1236588 1236590 CVE-2025-0167 
CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:363-1 Released: Wed Feb 5 11:01:45 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports enforcing the keeping of downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo.
Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. - Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-8.6.0-150600.4.21.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - libzypp-17.35.19-150600.3.44.1 updated - permissions-20240826-150600.10.15.2 updated - zypper-1.14.81-150600.10.22.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:59:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:59:40 +0100 (CET) Subject: SUSE-CU-2025:704-1: Recommended update of bci/bci-init Message-ID: <20250207125940.25C34F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:704-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-3.21 Container Release : 3.21 Severity : moderate Type : recommended References : 1235873 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). The following package changes have been done: - glibc-2.38-150700.21.1 updated - libuuid1-2.40.4-150700.1.3 updated - libsmartcols1-2.40.4-150700.1.3 updated - libgpg-error0-1.50-150700.1.4 updated - findutils-4.10.0-150700.2.2 updated - libblkid1-2.40.4-150700.1.3 updated - libopenssl3-3.2.3-150700.3.6 updated - libgcrypt20-1.11.0-150700.2.13 updated - libmount1-2.40.4-150700.1.3 updated - libfdisk1-2.40.4-150700.1.3 updated - libopenssl-3-fips-provider-3.2.3-150700.3.6 updated - grep-3.11-150700.1.4 updated - sles-release-15.7-150700.18.3 updated - permissions-20240826-150600.10.15.2 updated - util-linux-2.40.4-150700.1.3 updated - container:sles15-image-15.7.0-4.2.8 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:59:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 13:59:50 +0100 (CET) Subject: SUSE-CU-2025:707-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250207125950.EEA81F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:707-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.11 
Container Release : 4.11 Severity : moderate Type : security References : 1235873 1236267 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. 
[bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - glibc-2.38-150700.21.1 updated - libuuid1-2.40.4-150700.1.3 updated - libsmartcols1-2.40.4-150700.1.3 updated - libgpg-error0-1.50-150700.1.4 updated - findutils-4.10.0-150700.2.2 updated - libblkid1-2.40.4-150700.1.3 updated - libopenssl3-3.2.3-150700.3.6 updated - libgcrypt20-1.11.0-150700.2.13 updated - libmount1-2.40.4-150700.1.3 updated - libfdisk1-2.40.4-150700.1.3 updated - libopenssl-3-fips-provider-3.2.3-150700.3.6 updated - libcurl4-8.6.0-150600.4.21.1 updated - grep-3.11-150700.1.4 updated - sles-release-15.7-150700.18.3 updated - permissions-20240826-150600.10.15.2 updated - util-linux-2.40.4-150700.1.3 updated - openssl-3-3.2.3-150700.3.6 updated - glibc-locale-base-2.38-150700.21.1 updated - kernel-macros-6.4.0-150700.42.1 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libopenssl1_1-1.1.1w-150700.9.11 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - linux-glibc-devel-6.4-150700.7.1 updated - glibc-locale-2.38-150700.21.1 updated - kernel-devel-6.4.0-150700.42.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - glibc-devel-2.38-150700.21.1 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - kernel-default-devel-6.4.0-150700.42.1 updated - kernel-syms-6.4.0-150700.42.1 updated - container:sles15-image-15.7.0-4.2.8 updated From sle-container-updates at lists.suse.com Fri Feb 7 12:59:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 
2025 13:59:59 +0100 (CET) Subject: SUSE-CU-2025:708-1: Security update of suse/sle15 Message-ID: <20250207125959.C5B45F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:708-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.8 , suse/sle15:15.7 , suse/sle15:15.7-4.2.8 Container Release : 4.2.8 Severity : moderate Type : security References : 1216091 1229106 1232458 1234752 1235636 1235873 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:363-1 Released: Wed Feb 5 11:01:45 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. 
Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports enforcing the keeping of downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. - Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-8.6.0-150600.4.21.1 updated - findutils-4.10.0-150700.2.2 updated - glibc-2.38-150700.21.1 updated - grep-3.11-150700.1.4 updated - libblkid1-2.40.4-150700.1.3 updated - libcurl4-8.6.0-150600.4.21.1 updated - libfdisk1-2.40.4-150700.1.3 updated - libgcrypt20-1.11.0-150700.2.13 updated - libgpg-error0-1.50-150700.1.4 updated - libmount1-2.40.4-150700.1.3 updated - libopenssl-3-fips-provider-3.2.3-150700.3.6 updated - libopenssl3-3.2.3-150700.3.6 updated - libsmartcols1-2.40.4-150700.1.3 updated - libuuid1-2.40.4-150700.1.3 updated - libzypp-17.35.19-150600.3.44.1 updated - openssl-3-3.2.3-150700.3.6 updated - permissions-20240826-150600.10.15.2 updated - sle-module-basesystem-release-15.7-150700.18.2
updated - sle-module-python3-release-15.7-150700.18.2 updated - sle-module-server-applications-release-15.7-150700.18.2 updated - sles-release-15.7-150700.18.3 updated - util-linux-2.40.4-150700.1.3 updated - zypper-1.14.81-150600.10.22.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 13:01:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 14:01:27 +0100 (CET) Subject: SUSE-CU-2025:712-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250207130127.C74DDFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:712-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.73 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.73 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:372-1 Released: Wed Feb 5 16:35:47 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-7.66.0-150200.4.84.1 updated - libcurl4-7.66.0-150200.4.84.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 13:05:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 14:05:04 +0100 (CET) Subject: SUSE-CU-2025:714-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250207130504.1C564FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:714-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.75 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.75 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:372-1 Released: Wed Feb 5 16:35:47 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-7.66.0-150200.4.84.1 updated - libcurl4-7.66.0-150200.4.84.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 16:59:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 17:59:09 +0100 (CET) Subject: SUSE-IU-2025:537-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250207165909.57AF6F787@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:537-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.3 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.3 Severity : critical Type : security References : 1234100 1234101 1234102 1234103 1234104 1235475 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 15 Released: Fri Feb 7 10:57:24 2025 Summary: Security update for rsync Type: security Severity: critical References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - Bump protocol version to 32 - make it easier to show server is patched. - Fix FLAG_GOT_DIR_FLIST collision with FLAG_HLINKED - Security update, CVE-2024-12747, bsc#1235475 race condition in handling symbolic links - Security update, fix multiple vulnerabilities: * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links * CVE-2024-12088, bsc#1234104 - --safe-links Bypass The following package changes have been done: - rsync-3.3.0-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.0-4.4 updated From sle-container-updates at lists.suse.com Fri Feb 7 16:59:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 17:59:17 +0100 (CET) Subject: SUSE-IU-2025:538-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250207165917.F351AF787@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:538-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.4 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.4 Severity : critical Type : security References : 1234100 1234101 1234102 
1234103 1234104 1235475 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 15 Released: Fri Feb 7 10:57:24 2025 Summary: Security update for rsync Type: security Severity: critical References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - Bump protocol version to 32 - make it easier to show server is patched. - Fix FLAG_GOT_DIR_FLIST collision with FLAG_HLINKED - Security update, CVE-2024-12747, bsc#1235475 race condition in handling symbolic links - Security update, fix multiple vulnerabilities: * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links * CVE-2024-12088, bsc#1234104 - --safe-links Bypass The following package changes have been done: - rsync-3.3.0-slfo.1.1_3.1 updated From sle-container-updates at lists.suse.com Fri Feb 7 16:59:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 17:59:27 +0100 (CET) Subject: SUSE-IU-2025:539-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250207165927.62E4EF787@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:539-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , 
suse/sl-micro/6.1/kvm-os-container:2.2.0-4.3 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.3 Severity : critical Type : security References : 1234100 1234101 1234102 1234103 1234104 1235475 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 15 Released: Fri Feb 7 10:57:24 2025 Summary: Security update for rsync Type: security Severity: critical References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - Bump protocol version to 32 - make it easier to show server is patched. - Fix FLAG_GOT_DIR_FLIST collision with FLAG_HLINKED - Security update, CVE-2024-12747, bsc#1235475 race condition in handling symbolic links - Security update, fix multiple vulnerabilities: * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links * CVE-2024-12088, bsc#1234104 - --safe-links Bypass The following package changes have been done: - rsync-3.3.0-slfo.1.1_3.1 updated - container:SL-Micro-base-container-2.2.0-4.4 updated From sle-container-updates at lists.suse.com Fri Feb 7 16:59:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 17:59:36 +0100 (CET) Subject: SUSE-IU-2025:540-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: 
<20250207165936.1EA30F787@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:540-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.2 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.2 Severity : critical Type : security References : 1234100 1234101 1234102 1234103 1234104 1235475 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 15 Released: Fri Feb 7 10:57:24 2025 Summary: Security update for rsync Type: security Severity: critical References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - Bump protocol version to 32 - make it easier to show server is patched. 
- Fix FLAG_GOT_DIR_FLIST collision with FLAG_HLINKED - Security update, CVE-2024-12747, bsc#1235475 race condition in handling symbolic links - Security update, fix multiple vulnerabilities: * CVE-2024-12084, bsc#1234100 - Heap Buffer Overflow in Checksum Parsing * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links * CVE-2024-12088, bsc#1234104 - --safe-links Bypass The following package changes have been done: - rsync-3.3.0-slfo.1.1_3.1 updated - container:SL-Micro-container-2.2.0-4.3 updated From sle-container-updates at lists.suse.com Fri Feb 7 17:04:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 7 Feb 2025 18:04:39 +0100 (CET) Subject: SUSE-CU-2025:714-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250207170439.5C3B2FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:714-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.75 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.75 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:372-1 Released: Wed Feb 5 16:35:47 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - curl-7.66.0-150200.4.84.1 updated - libcurl4-7.66.0-150200.4.84.1 updated From sle-container-updates at lists.suse.com Sat Feb 8 08:08:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 8 Feb 2025 09:08:01 +0100 (CET) Subject: SUSE-CU-2025:719-1: Security update of containers/python Message-ID: <20250208080801.4988DF787@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:719-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.17 Container Release : 51.17 Severity : moderate Type : security References : 1236588 1236590 1236705 CVE-2025-0167 CVE-2025-0725 CVE-2025-0938 ----------------------------------------------------------------- The container containers/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:386-1 Released: Fri Feb 7 18:13:30 2025 Summary: Security update for python39 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python39 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) The following package changes have been done: - libcurl4-8.6.0-150600.4.21.1 updated - curl-8.6.0-150600.4.21.1 updated - libpython3_9-1_0-3.9.21-150300.4.64.1 updated - python39-base-3.9.21-150300.4.64.1 updated - python39-3.9.21-150300.4.64.1 updated - python39-devel-3.9.21-150300.4.64.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:47:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:47:02 +0100 (CET) Subject: SUSE-CU-2025:737-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250210164702.C856CFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:737-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.83 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.83 Severity : 
moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:400-1 Released: Mon Feb 10 10:38:14 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update rebuilds container-suseconnect against go1.23-openssl. The following package changes have been done: - container-suseconnect-2.5.0-150000.4.58.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:49:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:49:40 +0100 (CET) Subject: SUSE-CU-2025:738-1: Security update of suse/389-ds Message-ID: <20250210164940.890B2FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:738-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-51.5 , suse/389-ds:latest Container Release : 51.5 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - krb5-client-1.20.1-150600.11.8.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:50:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:50:17 +0100 (CET) Subject: SUSE-CU-2025:740-1: Security update of suse/registry Message-ID: <20250210165017.E2036FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:740-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-33.8 , suse/registry:latest Container Release : 33.8 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:50:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:50:36 +0100 (CET) Subject: SUSE-CU-2025:741-1: Security update of suse/git Message-ID: <20250210165036.22E33FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:741-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-36.5 , suse/git:latest Container Release : 36.5 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:50:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:50:51 +0100 (CET) Subject: SUSE-CU-2025:742-1: Security update of bci/golang Message-ID: <20250210165051.4C030FCE8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:742-1 Container Tags : bci/golang:1.22 , bci/golang:1.22.12 , bci/golang:1.22.12-2.48.19 , bci/golang:oldstable , bci/golang:oldstable-2.48.19 Container Release : 48.19 Severity : moderate Type : security References : 1218424 1236801 CVE-2025-22866 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:392-1 Released: Mon Feb 10 08:34:15 2025 Summary: Security update for go1.22 Type: security Severity: moderate References: 1218424,1236801,CVE-2025-22866 This update for go1.22 fixes the following issues: - CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801). 
Bug fixes: - go1.22 release tracking (bsc#1218424) The following package changes have been done: - go1.22-doc-1.22.12-150000.1.42.1 updated - go1.22-1.22.12-150000.1.42.1 updated - go1.22-race-1.22.12-150000.1.42.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:51:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:51:13 +0100 (CET) Subject: SUSE-CU-2025:743-1: Security update of bci/golang Message-ID: <20250210165113.09B69FCE8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:743-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.6 , bci/golang:1.23.6-1.48.19 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.48.19 Container Release : 48.19 Severity : moderate Type : security References : 1229122 1236801 CVE-2025-22866 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:393-1 Released: Mon Feb 10 08:34:28 2025 Summary: Security update for go1.23 Type: security Severity: moderate References: 1229122,1236801,CVE-2025-22866 This update for go1.23 fixes the following issues: - CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801). 
Bug fixes: - go1.23 release tracking (bsc#1229122) The following package changes have been done: - go1.23-doc-1.23.6-150000.1.21.1 updated - go1.23-1.23.6-150000.1.21.1 updated - go1.23-race-1.23.6-150000.1.21.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:51:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:51:25 +0100 (CET) Subject: SUSE-CU-2025:744-1: Security update of suse/helm Message-ID: <20250210165125.8D414FCE8@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:744-1 Container Tags : suse/helm:3 , suse/helm:3.16 , suse/helm:3.16.3 , suse/helm:3.16.3-38.11 , suse/helm:latest Container Release : 38.11 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. 
If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:51:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:51:46 +0100 (CET) Subject: SUSE-CU-2025:745-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250210165146.759FDFCE8@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:745-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.97 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.97 Severity : moderate Type : security References : 1233760 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:400-1 Released: Mon Feb 10 10:38:14 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update rebuilds container-suseconnect against go1.23-openssl. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:404-1 Released: Mon Feb 10 12:49:48 2025 Summary: Security update for rsync Type: security Severity: moderate References: 1233760 This update for rsync fixes the following issues: - Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities. The following package changes have been done: - container-suseconnect-2.5.0-150000.4.58.1 updated - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated - rsync-3.2.7-150600.3.11.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:52:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:52:12 +0100 (CET) Subject: SUSE-CU-2025:746-1: Security update of bci/kiwi Message-ID: <20250210165212.17E23FCE8@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:746-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.27 , bci/kiwi:latest Container Release : 20.27 Severity : moderate Type : security References : 1233760 ----------------------------------------------------------------- The container bci/kiwi was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:404-1 Released: Mon Feb 10 12:49:48 2025 Summary: Security update for rsync Type: security Severity: moderate References: 1233760 This update for rsync fixes the following issues: - Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities. The following package changes have been done: - rsync-3.2.7-150600.3.11.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:52:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:52:35 +0100 (CET) Subject: SUSE-CU-2025:747-1: Security update of suse/postgres Message-ID: <20250210165235.3E374FCE8@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:747-1 Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-58.6 Container Release : 58.6 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated From sle-container-updates at lists.suse.com Mon Feb 10 16:52:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 10 Feb 2025 17:52:40 +0100 (CET) Subject: SUSE-CU-2025:748-1: Security update of suse/postgres Message-ID: <20250210165240.470F5FCE8@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:748-1 Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-39.6 , suse/postgres:latest Container Release : 39.6 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:53:06 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:53:06 +0100 (CET)
Subject: SUSE-CU-2025:749-1: Security update of bci/python
Message-ID: <20250210165306.ED66CFCE8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:749-1
Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-61.17 , bci/python:latest
Container Release : 61.17
Severity : moderate
Type : security
References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725
-----------------------------------------------------------------

The container bci/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released: Wed Feb 5 16:32:36 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725

This update for curl fixes the following issues:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.21.1 updated
- curl-8.6.0-150600.4.21.1 updated
- container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:53:31 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:53:31 +0100 (CET)
Subject: SUSE-CU-2025:750-1: Security update of bci/python
Message-ID: <20250210165331.5EF12FCE8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:750-1
Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.16
Container Release : 60.16
Severity : moderate
Type : security
References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725
-----------------------------------------------------------------

The container bci/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released: Wed Feb 5 16:32:36 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725

This update for curl fixes the following issues:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.21.1 updated
- curl-8.6.0-150600.4.21.1 updated
- container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:53:48 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:53:48 +0100 (CET)
Subject: SUSE-CU-2025:751-1: Security update of suse/rmt-mariadb-client
Message-ID: <20250210165348.9DF85FCE8@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-mariadb-client
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:751-1
Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-54.13 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11.9 , suse/rmt-mariadb-client:10.11.9-54.13 , suse/rmt-mariadb-client:latest
Container Release : 54.13
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container suse/rmt-mariadb-client was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:54:05 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:54:05 +0100 (CET)
Subject: SUSE-CU-2025:752-1: Security update of suse/rmt-mariadb
Message-ID: <20250210165405.D0B39FCE8@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-mariadb
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:752-1
Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-60.15 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-60.15 , suse/rmt-mariadb:latest
Container Release : 60.15
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container suse/rmt-mariadb was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory.
    If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:54:18 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:54:18 +0100 (CET)
Subject: SUSE-CU-2025:753-1: Recommended update of suse/rmt-server
Message-ID: <20250210165418.8E548FCE8@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:753-1
Container Tags : suse/rmt-server:2.21 , suse/rmt-server:2.21-56.17 , suse/rmt-server:latest
Container Release : 56.17
Severity : moderate
Type : recommended
References : 1230157 1230419 1232808 1234844
-----------------------------------------------------------------

The container suse/rmt-server was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:397-1
Released: Mon Feb 10 10:04:14 2025
Summary: Recommended update for rmt-server
Type: recommended
Severity: moderate
References: 1230157,1230419,1232808,1234844

This update for rmt-server fixes the following issues:

- Allow users to configure the SUMA product tree base URL to download 'product_tree.json' from host other than 'scc.suse.com' (bsc#1234844)
- Update Micro check due to Micro 6.0 and 6.1 identifier (bsc#1230419)
- Remove obsolete repositories and associations from rmt during SCC sync (bsc#1232808)
- Do not re-download repomd metadata if already exists and be the latest version
- rmt-server-pubcloud:
  * Update Zypper path allowing check to handle paid extensions (i.e. LTSS) (bsc#1230157)
  * Add data export engine

The following package changes have been done:

- rmt-server-config-2.21-150500.3.28.1 updated
- rmt-server-2.21-150500.3.28.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:54:26 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:54:26 +0100 (CET)
Subject: SUSE-CU-2025:754-1: Security update of containers/apache-tomcat
Message-ID: <20250210165426.6F399FCE8@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:754-1
Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.17
Container Release : 62.17
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory.
    If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:54:36 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:54:36 +0100 (CET)
Subject: SUSE-CU-2025:755-1: Security update of containers/apache-tomcat
Message-ID: <20250210165436.E20BDFCE8@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:755-1
Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.17
Container Release : 62.17
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:54:53 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:54:53 +0100 (CET)
Subject: SUSE-CU-2025:756-1: Security update of containers/apache-tomcat
Message-ID: <20250210165453.99928FCE8@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:756-1
Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.17
Container Release : 62.17
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:49:58 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:49:58 +0100 (CET)
Subject: SUSE-CU-2025:739-1: Security update of bci/bci-base-fips
Message-ID: <20250210164958.7C857FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:739-1
Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.19.12 , bci/bci-base-fips:latest
Container Release : 19.12
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container bci/bci-base-fips was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- crypto-policies-scripts-20230920.570ea89-150600.3.3.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 16:45:53 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 17:45:53 +0100 (CET)
Subject: SUSE-CU-2025:736-1: Recommended update of suse/sle-micro/5.3/toolbox
Message-ID: <20250210164553.6EA49F787@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:736-1
Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.83 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.11.83
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:400-1
Released: Mon Feb 10 10:38:14 2025
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References:

This update rebuilds container-suseconnect against go1.23-openssl.

The following package changes have been done:

- container-suseconnect-2.5.0-150000.4.58.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 17:07:00 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 18:07:00 +0100 (CET)
Subject: SUSE-CU-2025:756-1: Security update of containers/apache-tomcat
Message-ID: <20250210170700.58288F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:756-1
Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.17
Container Release : 62.17
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory.
    If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 17:07:10 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 18:07:10 +0100 (CET)
Subject: SUSE-CU-2025:757-1: Security update of containers/apache-tomcat
Message-ID: <20250210170710.DAF85F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:757-1
Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.18
Container Release : 62.18
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 17:07:22 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 18:07:22 +0100 (CET)
Subject: SUSE-CU-2025:758-1: Security update of containers/apache-tomcat
Message-ID: <20250210170722.71868F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:758-1
Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.18
Container Release : 62.18
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 17:07:33 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 18:07:33 +0100 (CET)
Subject: SUSE-CU-2025:759-1: Security update of containers/apache-tomcat
Message-ID: <20250210170733.2354CF78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:759-1
Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.18
Container Release : 62.18
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 17:07:41 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 18:07:41 +0100 (CET)
Subject: SUSE-CU-2025:760-1: Security update of containers/apache-tomcat
Message-ID: <20250210170741.DA5F6F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:760-1
Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.18
Container Release : 62.18
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:399-1
Released: Mon Feb 10 10:14:47 2025
Summary: Recommended update for java-1_8_0-openjdk
Type: recommended
Severity: moderate
References:

This update for java-1_8_0-openjdk fixes the following issues:

- Update to version jdk8u442 (icedtea-3.34.0)
  * Security fixes
    + No CVE from the January 2025 CPU affects jdk8u432, nonetheless this release contains defense-in-depth fixes
  * Import of OpenJDK 8 u442 build 06
    + Zero name_index item of MethodParameters attribute cause MalformedParameterException
    + (fs) java/nio/file/Files/probeContentType/ParallelProbes.java should use othervm mode
    + Swing: Invalid position of candidate pop-up of InputMethod in Hi-DPI on Windows
    + Upgrade to LittleCMS 2.12
    + Open source several Swing Text related tests
    + Enhanced Building of Processes
    + Add an operation mode to the jar command when extracting to not overwriting existing files
    + Enhance mask blit functionality redux
    + GHA: some of bundles may not get removed
    + [8u] Profiler crashes at guarantee(is_result_safe || is_in_asgct()): unsafe access to zombie method
    + Replace ThreadLocalStorage::thread with Thread::current_or_null in jdk8

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- java-1_8_0-openjdk-headless-1.8.0.442-150000.3.103.2 updated
- java-1_8_0-openjdk-1.8.0.442-150000.3.103.2 updated

From sle-container-updates at lists.suse.com Mon Feb 10 17:07:49 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 18:07:49 +0100 (CET)
Subject: SUSE-CU-2025:761-1: Security update of containers/python
Message-ID: <20250210170749.AD113F78D@maintenance.suse.de>

SUSE Container Update Advisory: containers/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:761-1
Container Tags : containers/python:3.11 , containers/python:3.11.10 , containers/python:3.11.10-44.16
Container Release : 44.16
Severity : moderate
Type : security
References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725
-----------------------------------------------------------------

The container containers/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released: Wed Feb 5 16:32:36 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725

This update for curl fixes the following issues:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

The following package changes have been done:

- libcurl4-8.6.0-150600.4.21.1 updated
- curl-8.6.0-150600.4.21.1 updated
- container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated

From sle-container-updates at lists.suse.com Mon Feb 10 17:07:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 18:07:50 +0100 (CET)
Subject: SUSE-CU-2025:762-1: Security update of suse/stunnel
Message-ID: <20250210170750.F41DDF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/stunnel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:762-1
Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-37.5 , suse/stunnel:latest
Container Release : 37.5
Severity : moderate
Type : security
References : 1235873 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container suse/stunnel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:358-1
Released: Wed Feb 5 10:06:22 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1235873

This update for permissions fixes the following issues:

- Version update 20240826:
  * permissions: remove legacy and nonsensical entries.
  * permissions: remove traceroute entry.
  * permissions: remove outdated sudo directories.
  * permissions: remove legacy RPM directory entries.
  * permissions: remove some static /var/spool/* dirs.
  * permissions: remove unnecessary static dirs and devices (bsc#1235873).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- permissions-20240826-150600.10.15.2 updated

From sle-container-updates at lists.suse.com Mon Feb 10 17:09:24 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 18:09:24 +0100 (CET)
Subject: SUSE-CU-2025:766-1: Recommended update of suse/sle-micro/5.1/toolbox
Message-ID: <20250210170924.DE5A6F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:766-1
Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.75 , suse/sle-micro/5.1/toolbox:latest
Container Release : 3.13.75
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:400-1
Released: Mon Feb 10 10:38:14 2025
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References:

This update rebuilds container-suseconnect against go1.23-openssl.
The following package changes have been done:

- container-suseconnect-2.5.0-150000.4.58.1 updated

From sle-container-updates at lists.suse.com Mon Feb 10 17:10:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 10 Feb 2025 18:10:43 +0100 (CET)
Subject: SUSE-CU-2025:767-1: Recommended update of suse/sle-micro/5.2/toolbox
Message-ID: <20250210171043.404D8F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:767-1
Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.77 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.77
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:400-1
Released: Mon Feb 10 10:38:14 2025
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References:

This update rebuilds container-suseconnect against go1.23-openssl.
The following package changes have been done:

- container-suseconnect-2.5.0-150000.4.58.1 updated

From sle-container-updates at lists.suse.com Tue Feb 11 08:02:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 11 Feb 2025 09:02:50 +0100 (CET)
Subject: SUSE-CU-2025:768-1: Security update of containers/milvus
Message-ID: <20250211080250.0D31DFC34@maintenance.suse.de>

SUSE Container Update Advisory: containers/milvus
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:768-1
Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.29
Container Release : 7.29
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/milvus was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libprotobuf25_5_0-25.5-150600.2.26 updated
- krb5-1.20.1-150600.11.8.1 updated

From sle-container-updates at lists.suse.com Tue Feb 11 08:10:13 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 11 Feb 2025 09:10:13 +0100 (CET)
Subject: SUSE-CU-2025:771-1: Security update of bci/bci-base-fips
Message-ID: <20250211081013.8A699FC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:771-1
Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-3.26
Container Release : 3.26
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container bci/bci-base-fips was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- sles-release-15.7-150700.18.6 updated
- libopenssl1_1-1.1.1w-150700.9.14 updated
- crypto-policies-scripts-20230920.570ea89-150600.3.3.1 updated
- container:sles15-image-15.7.0-4.2.12 updated

From sle-container-updates at lists.suse.com Tue Feb 11 08:03:58 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 11 Feb 2025 09:03:58 +0100 (CET)
Subject: SUSE-CU-2025:769-1: Security update of containers/ollama
Message-ID: <20250211080358.959B7FC34@maintenance.suse.de>

SUSE Container Update Advisory: containers/ollama
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:769-1
Container Tags : containers/ollama:0.3 , containers/ollama:0.3.14 , containers/ollama:0.3.14-5.11
Container Release : 5.11
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container containers/ollama was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- ollama-nvidia-0.3.14-150600.1.6 updated

From sle-container-updates at lists.suse.com Wed Feb 12 08:02:49 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 09:02:49 +0100 (CET)
Subject: SUSE-CU-2025:772-1: Security update of containers/milvus
Message-ID: <20250212080249.9AF6FFC98@maintenance.suse.de>

SUSE Container Update Advisory: containers/milvus
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:772-1
Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.32
Container Release : 7.32
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container containers/milvus was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
The following package changes have been done:

- boost-license1_86_0-1.86.0-150600.1.4 updated
- libaws-c-common1-0.9.28-150600.1.5 updated
- libfmt9-9.1.0-150600.1.5 updated
- libgflags2_2-2.2.2-150600.1.5 updated
- libopentracing-cpp1-1.6.0-150600.1.5 updated
- libsimdjson22-v3.9.5-150600.1.5 updated
- libtbb12-2021.13.0-150600.1.4 updated
- liburing2-2.6-150600.1.5 updated
- libzstd1-1.5.6-150600.1.5 updated
- minio-client-20241008T093726Z-150600.1.9 updated
- libboost_program_options1_86_0-1.86.0-150600.1.4 updated
- libboost_filesystem1_86_0-1.86.0-150600.1.4 updated
- libboost_context1_86_0-1.86.0-150600.1.4 updated
- libaws-checksums1-0.1.20-150600.1.6 updated
- libaws-c-sdkutils1_0_0-0.1.19-150600.1.5 updated
- libaws-c-compression1_0_0-0.2.18-150600.1.4 updated
- libglog-4-0-0.4.0-150600.1.5 updated
- libprotobuf3_21_12-21.12-150600.1.6 updated
- libprotobuf25_5_0-25.5-150600.2.28 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- librocksdb6-6.29.5-150600.2.4 updated
- libthrift-0_17_0-0.17.0-150600.1.5 updated
- libs2n0unstable-1.5.1-150600.1.5 updated
- libaws-c-cal0unstable-0.7.4-150600.1.4 updated
- libfolly0-2023.10.30.00-150600.1.3 updated
- libaws-c-io0unstable-0.14.18-150600.1.4 updated
- libarrow1700-17.0.0-150600.2.4 updated
- libaws-c-http1_0_0-0.8.10-150600.1.5 updated
- libaws-c-event-stream1-0.4.2-150600.1.4 updated
- libparquet1700-17.0.0-150600.2.4 updated
- libaws-c-mqtt1_0_0-0.10.6-150600.1.5 updated
- libaws-c-auth1_0_0-0.7.31-150600.1.4 updated
- librdkafka1-2.3.0-150600.1.4 updated
- libprometheus-cpp0_13-0.13.0-150600.1.5 updated
- libaws-c-s3-0unstable-0.6.6-150600.1.5 updated
- lib-opentelemetry-cpp1_9_1-1.9.1-150600.1.3 updated
- libaws-crt-cpp1-0.28.3-150600.1.4 updated
- aws-sdk-cpp-libs-1.11.412-150600.1.3 updated
- milvus-cppcpu-2.4.6-150600.1.3 updated
- milvus-2.4.6-150600.1.8 updated
- container:registry.suse.com-bci-bci-base-15.6-39a22204dd12ec7c5a4b6026ec1e38628f7f4bc32602f651f8b8639d3fd3a14e-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-39a22204dd12ec7c5a4b6026ec1e38628f7f4bc32602f651f8b8639d3fd3a14e-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 08:04:09 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 09:04:09 +0100 (CET)
Subject: SUSE-CU-2025:773-1: Security update of containers/ollama
Message-ID: <20250212080409.91274FC34@maintenance.suse.de>

SUSE Container Update Advisory: containers/ollama
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:773-1
Container Tags : containers/ollama:0.3 , containers/ollama:0.3.14 , containers/ollama:0.3.14-5.15
Container Release : 5.15
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container containers/ollama was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
The following package changes have been done:

- cuda-cccl-12-5-12.5.39-150600.1.4 updated
- cuda-crt-12-5-12.5.82-150600.1.4 updated
- cuda-nvvm-12-5-12.5.82-150600.1.4 updated
- cuda-toolkit-12-5-config-common-12.5.82-150600.1.4 updated
- cuda-toolkit-12-config-common-12.5.82-150600.1.4 updated
- cuda-toolkit-config-common-12.5.82-150600.1.4 updated
- libcublas-12-5-12.5.3.2-150600.1.4 updated
- cuda-cudart-12-5-12.5.82-150600.1.4 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- ollama-nvidia-0.3.14-150600.1.8 updated
- container:registry.suse.com-bci-bci-base-15.6-39a22204dd12ec7c5a4b6026ec1e38628f7f4bc32602f651f8b8639d3fd3a14e-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-39a22204dd12ec7c5a4b6026ec1e38628f7f4bc32602f651f8b8639d3fd3a14e-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 08:05:16 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 09:05:16 +0100 (CET)
Subject: SUSE-CU-2025:774-1: Security update of containers/open-webui
Message-ID: <20250212080516.2E351FC34@maintenance.suse.de>

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:774-1
Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.21
Container Release : 7.21
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container containers/open-webui was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
The following package changes have been done:

- python311-rank-bm25-0.2.2-150600.1.3 updated
- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- openssl-3-3.1.4-150600.5.24.1 updated
- libgflags2_2-2.2.2-150600.1.5 updated
- libtbb12-2021.13.0-150600.1.4 updated
- libthrift-0_17_0-0.17.0-150600.1.5 updated
- opencv4-cascades-data-4.10.0-150600.1.8 updated
- libprotobuf25_5_0-25.5-150600.2.28 updated
- libglog-4-0-0.4.0-150600.1.5 updated
- python311-xlrd-2.0.1-150600.1.5 updated
- python311-wrapt-1.16.0-150600.1.5 updated
- python311-validators-0.34.0-150600.1.5 updated
- python311-uritemplate-4.1.1-150600.1.4 updated
- python311-tzdata-2024.1-150600.1.4 updated
- python311-typing_extensions-4.12.2-150600.1.4 updated
- python311-tqdm-4.66.4-150600.1.5 updated
- python311-threadpoolctl-3.5.0-150600.1.2 updated
- python311-tenacity-9.0.0-150600.1.3 updated
- python311-sniffio-1.3.1-150600.1.5 updated
- python311-six-1.16.0-150600.1.5 updated
- python311-setuptools-72.1.0-150600.1.4 updated
- python311-safetensors-0.4.3-150600.1.6 updated
- python311-regex-2024.5.15-150600.1.5 updated
- python311-red-black-tree-mod-1.22-150600.1.5 updated
- python311-rapidocr-onnxruntime-1.3.24-150600.1.2 updated
- python311-pyxlsb-1.0.10-150600.1.5 updated
- python311-pytube-15.0.0-150600.1.5 updated
- python311-python-iso639-2024.4.27-150600.1.4 updated
- python311-pypdf-4.3.1-150600.1.2 updated
- python311-pymongo-4.6.3-150600.1.6 updated
- python311-psycopg2-2.9.9-150600.1.7 updated
- python311-protobuf-4.25.5-150600.2.28 updated
- python311-primp-0.6.3-150600.1.5 updated
- python311-pluggy-1.5.0-150600.1.5 updated
- python311-peewee-3.17.6-150600.1.5 updated
- python311-packaging-24.1-150600.1.4 updated
- python311-overrides-7.7.0-150600.1.5 updated
- python311-orjson-3.10.7-150600.1.6 updated
- python311-onnxruntime-1.19.2-150600.1.3 updated
- python311-olefile-0.47-150600.1.5 updated
- python311-nest-asyncio-1.6.0-150600.1.5 updated
- python311-monotonic-1.6-150600.1.4 updated
- python311-mmh3-4.1.0-150600.1.4 updated
- python311-langsmith-0.1.52-150600.1.2 updated
- python311-langfuse-2.44.0-150600.1.4 updated
- python311-langchain-chroma-0.1.4-150600.1.4 updated
- python311-jsonpath-python-1.0.6-150600.1.5 updated
- python311-jiter-0.5.0-150600.1.5 updated
- python311-jdcal-1.4.1-150600.1.4 updated
- python311-importlib-resources-6.1.1-150600.1.5 updated
- python311-idna-3.8-150600.1.4 updated
- python311-greenlet-3.1.0-150600.1.6 updated
- python311-filetype-1.2.0-150600.1.4 updated
- python311-emoji-2.13.2-150600.1.5 updated
- python311-einops-0.8.0-150600.1.2 updated
- python311-ebcdic-1.1.1-150600.1.4 updated
- python311-easygui-0.98.3-150600.1.4 updated
- python311-docx2txt-0.8-150600.1.5 updated
- python311-django-cache-url-3.4.5-150600.1.3 updated
- python311-dj-email-url-1.0.6-150600.1.4 updated
- python311-distro-1.9.0-150600.1.5 updated
- python311-dill-0.3.8-150600.1.5 updated
- python311-defusedxml-0.7.1-150600.1.4 updated
- python311-compressed_rtf-1.0.6-150600.1.5 updated
- python311-colorclass-2.2.2-150600.1.4 updated
- python311-click-8.1.7-150600.1.5 updated
- python311-charset-normalizer-3.3.2-150600.1.5 updated
- python311-certifi-2024.7.4-150600.1.18 updated
- python311-cchardet-2.1.19-150600.1.15 updated
- python311-bitarray-2.9.2-150600.1.5 updated
- python311-bcrypt-4.2.0-150600.1.6 updated
- python311-backoff-2.2.1-150600.1.3 updated
- python311-appdirs-1.4.4-150600.1.3 updated
- python311-annotated-types-0.7.0-150600.1.4 updated
- python311-aiohappyeyeballs-2.3.7-150600.1.4 updated
- python311-XlsxWriter-3.2.0-150600.1.4 updated
- python311-PyYAML-6.0.1-150600.1.5 updated
- python311-PyPika-0.48.9-150600.1.5 updated
- python311-pypandoc-1.14-150600.1.2 updated
- python311-importlib-metadata-7.1.0-150600.1.5 updated
- python311-ftfy-6.0.3-150600.1.4 updated
- python311-pydantic-core-2.23.4-150600.1.4 updated
- python311-asgiref-3.8.1-150600.1.4 updated
- python311-lark-1.1.9-150600.1.4 updated
- python311-cffi-1.17.0-150600.1.5 updated
- python311-proto-plus-1.24.0-150600.1.3 updated
- python311-opentelemetry-proto-1.27.0-150600.1.2 updated
- python311-Pillow-10.4.0-150600.1.5 updated
- python311-typing-inspect-0.9.0-150600.1.5 updated
- python311-jsonpatch-1.33-150600.1.5 updated
- python311-fake-useragent-1.5.1-150600.1.3 updated
- python311-yarl-1.13.1-150600.1.4 updated
- python311-anyio-4.4.0-150600.1.3 updated
- python311-SQLAlchemy-2.0.32-150600.1.5 updated
- python311-multiprocess-0.70.16-150600.1.2 updated
- python311-python-oxmsg-0.0.1-150600.1.3 updated
- python311-peewee-migrate-1.13.0-150600.1.4 updated
- python311-pytest-8.3.2-150600.1.5 updated
- python311-redis-5.0.8-150600.1.3 updated
- python311-uvicorn-0.30.6-150600.1.2 updated
- python311-Werkzeug-3.0.4-150600.1.4 updated
- python311-grpcio-1.65.0-150600.1.4 updated
- libarrow1700-17.0.0-150600.2.4 updated
- python311-mpmath-1.3.0-150600.1.5 updated
- libctranslate2-4-4.4.0-150600.1.4 updated
- python311-build-1.2.1-150600.1.4 updated
- python311-Markdown-3.7-150600.1.5 updated
- python311-opentelemetry-api-1.27.0-150600.1.3 updated
- python311-pydantic-2.9.2-150600.1.3 updated
- python311-cryptography-43.0.1-150600.1.8 updated
- python311-opentelemetry-exporter-otlp-proto-common-1.27.0-150600.1.2 updated
- python311-rich-13.7.1-150600.1.4 updated
- python311-starlette-0.38.5-150600.1.3 updated
- python311-httpcore-1.0.5-150600.1.3 updated
- python311-aiohttp-3.10.8-150600.1.3 updated
- python311-python-pptx-1.0.2-150600.1.2 updated
- python311-et_xmlfile-1.0.1-150600.1.4 updated
- python311-beautifulsoup4-4.12.3-150600.1.3 updated
- python311-pytest-docker-3.1.1-150600.1.2 updated
- python311-duckduckgo-search-6.2.13-150600.1.2 updated
- python311-APScheduler-3.10.4-150600.1.3 updated
- python311-alembic-1.13.2-150600.1.2 updated
- python311-Flask-3.0.3-150600.1.3 updated
- python311-googleapis-common-protos-1.63.2-150600.1.3 updated
- libparquet1700-17.0.0-150600.2.4 updated
- libarrow_acero1700-17.0.0-150600.2.4 updated
- python311-psutil-6.0.0-150600.1.5 updated
- python311-python-jose-3.3.0-150600.1.5 updated
- python311-ctranslate2-4.4.0-150600.1.5 updated
- python311-numpy1-1.26.4-150600.1.16 updated
- python311-opentelemetry-semantic-conventions-0.48b0-150600.1.3 updated
- python311-opentelemetry-instrumentation-0.48b0-150600.1.3 updated
- python311-langchain-core-0.2.38-150600.1.4 updated
- python311-dataclasses-json-0.6.7-150600.1.2 updated
- python311-pyOpenSSL-24.2.1-150600.1.3 updated
- python311-msoffcrypto-tool-4.10.2-150600.1.3 updated
- python311-PyMySQL-1.1.1-150600.1.3 updated
- python311-PyJWT-2.9.0-150600.1.3 updated
- python311-argon2-cffi-23.1.0-150600.1.2 updated
- python311-typer-slim-0.12.5-150600.1.2 updated
- python311-fastapi-0.114.2-150600.1.2 updated
- python311-httpx-0.27.2-150600.1.3 updated
- python311-black-24.8.0-150600.1.2 updated
- python311-openpyxl-3.1.5-150600.1.3 updated
- python311-Flask-Cors-5.0.0-150600.1.3 updated
- python311-grpcio-status-1.62.2-150600.1.5 updated
- libarrow_flight1700-17.0.0-150600.2.4 updated
- libarrow_dataset1700-17.0.0-150600.2.4 updated
- python311-sympy-1.12.1-150600.1.4 updated
- python311-scipy-1.14.1-150600.1.11 updated
- python311-pandas-2.2.3-150600.1.17 updated
- python311-joblib-1.4.2-150600.1.3 updated
- python311-chroma-hnswlib-0.7.6-150600.2.2 updated
- python311-opentelemetry-sdk-1.27.0-150600.1.3 updated
- python311-langchain-text_splitters-0.2.16-150600.1.2 updated
- python311-oletools-0.60.2-150600.1.2 updated
- python311-Django-5.1.1-150600.1.2 updated
- python311-typer-0.12.5-150600.1.2 updated
- python311-openai-1.40.8-150600.1.2 updated
- python311-pyarrow-17.0.0-150600.2.16 updated
- python311-FontTools-4.53.1-150600.1.5 updated
- python311-scikit-learn-1.5.1-150600.1.12 updated
- python311-opentelemetry-util-http-0.48b0-150600.1.2 updated
- python311-opentelemetry-exporter-otlp-proto-grpc-1.27.0-150600.1.2 updated
- python311-requests-2.32.3-150600.1.5 updated
- python311-RTFDE-0.1.1-150600.1.2 updated
- python311-dj-database-url-2.3.0-150600.1.2 updated
- python311-fpdf2-2.7.9-150600.1.2 updated
- libopencv410-4.10.0-150600.1.8 updated
- python311-opentelemetry-instrumentation-asgi-0.48b0-150600.1.2 updated
- python311-youtube-transcript-api-0.6.2-150600.1.2 updated
- python311-tiktoken-0.7.0-150600.1.5 updated
- python311-python-engineio-4.8.0-150600.1.2 updated
- python311-posthog-3.6.0-150600.1.3 updated
- python311-nltk-3.9.1-150600.1.2 updated
- python311-google-auth-2.34.0-150600.1.3 updated
- python311-fsspec-2024.3.1-150600.1.5 updated
- python311-docker-7.1.0-150600.1.2 updated
- python311-botocore-1.35.21-150600.1.5 updated
- python311-extract-msg-0.49.0-150600.1.2 updated
- python311-environs-11.0.0-150600.1.2 updated
- libopencv_objdetect410-4.10.0-150600.1.8 updated
- libopencv_imgcodecs410-4.10.0-150600.1.8 updated
- python311-opentelemetry-instrumentation-fastapi-0.48b0-150600.1.3 updated
- python311-unstructured-client-0.25.9-150600.1.4 updated
- python311-langchain-community-0.2.12-150600.1.4 updated
- python311-langchain-0.2.16-150600.1.2 updated
- python311-python-socketio-5.11.4-150600.1.2 updated
- python311-kubernetes-28.1.0-150600.1.2 updated
- python311-google-auth-httplib2-0.2.0-150600.1.3 updated
- python311-google-api-core-2.19.2-150600.1.2 updated
- python311-huggingface-hub-0.23.4-150600.1.3 updated
- python311-pymilvus-2.4.7-150600.1.5 updated
- libopencv_face410-4.10.0-150600.1.8 updated
- libopencv_aruco410-4.10.0-150600.1.8 updated
- libopencv_ximgproc410-4.10.0-150600.1.8 updated
- python311-google-api-python-client-2.143.0-150600.1.2 updated
- python311-google-ai-generativelanguage-0.6.10-150600.1.2 updated
- python311-tokenizers-0.20.0-150600.1.5 updated
- python311-boto3-1.35.21-150600.1.3 updated
- python311-av-11.0.0-150600.1.4 updated
- libopencv_optflow410-4.10.0-150600.1.8 updated
- libopencv_highgui410-4.10.0-150600.1.8 updated
- python311-google-generativeai-0.8.2-150600.1.2 updated
- python311-chromadb-0.5.9-150600.1.4 updated
- python311-anthropic-0.33.1-150600.1.2 updated
- python311-faster_whisper-1.0.3-150600.1.5 updated
- python311-pydub-0.25.1-150600.1.2 updated
- libopencv_gapi410-4.10.0-150600.1.8 updated
- libopencv_videoio410-4.10.0-150600.1.8 updated
- python311-torch-2.3.1-150600.1.4 updated
- python311-opencv-4.10.0-150600.1.8 updated
- python311-datasets-3.0.1-150600.1.2 updated
- python311-transformers-4.44.2-150600.1.2 updated
- python311-unstructured-0.15.9-150600.1.4 updated
- python311-sentence-transformers-3.0.1-150600.1.4 updated
- python311-colbert-ai-0.2.21-150600.1.2 updated
- python311-open-webui-0.3.32-150600.1.44 updated
- container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 08:18:12 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 09:18:12 +0100 (CET)
Subject: SUSE-CU-2025:782-1: Security update of suse/389-ds
Message-ID: <20250212081812.E2646FC34@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:782-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-52.4 , suse/389-ds:latest
Container Release : 52.4
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- openssl-3-3.1.4-150600.5.24.1 updated
- container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 08:18:59 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 09:18:59 +0100 (CET)
Subject: SUSE-CU-2025:783-1: Security update of bci/dotnet-aspnet
Message-ID: <20250212081859.3DD72FC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:783-1
Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.12 , bci/dotnet-aspnet:8.0.12-45.6
Container Release : 45.6
Severity : moderate
Type : security
References : 1236619 CVE-2025-24528
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:19:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:19:12 +0100 (CET) Subject: SUSE-CU-2025:784-1: Security update of bci/dotnet-aspnet Message-ID: <20250212081912.66EACFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:784-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.1 , bci/dotnet-aspnet:9.0.1-4.6 , bci/dotnet-aspnet:latest Container Release : 4.6 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. 
If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:20:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:20:04 +0100 (CET) Subject: SUSE-CU-2025:786-1: Recommended update of bci/bci-busybox Message-ID: <20250212082004.72924FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:786-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.29.3 , bci/bci-busybox:latest Container Release : 29.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-busybox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:433-1 Released: Tue Feb 11 17:40:33 2025 Summary: Recommended update for skelcd Type: recommended Severity: moderate References: This update for skelcd fixes the following issues: - add SUSE logo into BCI skelcd (jsc#PED-12111) - Update EULA with SLE BCI section (jsc#SLE-18082) Else in case beta EULAs have a more recent date than final EULAs The following package changes have been done: - skelcd-EULA-bci-20250207-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:20:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:20:35 +0100 (CET) Subject: SUSE-CU-2025:788-1: Security update of suse/registry Message-ID: <20250212082035.F361AFC34@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:788-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-33.9 , suse/registry:latest Container Release : 33.9 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:21:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:21:11 +0100 (CET) Subject: SUSE-CU-2025:790-1: Security update of bci/dotnet-sdk Message-ID: <20250212082111.EC92FFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:790-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.12 , bci/dotnet-sdk:8.0.12-49.5 Container Release : 49.5 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:21:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:21:20 +0100 (CET) Subject: SUSE-CU-2025:791-1: Security update of bci/dotnet-sdk Message-ID: <20250212082120.4C364FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:791-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.1 , bci/dotnet-sdk:9.0.1-5.6 , bci/dotnet-sdk:latest Container Release : 5.6 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. 
If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:21:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:21:48 +0100 (CET) Subject: SUSE-CU-2025:792-1: Security update of bci/dotnet-runtime Message-ID: <20250212082148.C49AFFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:792-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.12 , bci/dotnet-runtime:8.0.12-45.6 Container Release : 45.6 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. 
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:21:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:21:57 +0100 (CET) Subject: SUSE-CU-2025:793-1: Security update of bci/dotnet-runtime Message-ID: <20250212082157.677D3FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:793-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.1 , bci/dotnet-runtime:9.0.1-4.6 , bci/dotnet-runtime:latest Container Release : 4.6 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:22:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:22:15 +0100 (CET) Subject: SUSE-CU-2025:794-1: Security update of bci/gcc Message-ID: <20250212082215.A9C8CFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:794-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.19 , bci/gcc:latest Container Release : 8.19 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/gcc was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:22:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:22:46 +0100 (CET) Subject: SUSE-CU-2025:795-1: Security update of suse/git Message-ID: <20250212082246.3E636FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:795-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-36.6 , suse/git:latest Container Release : 36.6 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:23:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:23:11 +0100 (CET) Subject: SUSE-CU-2025:797-1: Security update of bci/golang Message-ID: <20250212082311.D37E6FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:797-1 Container Tags : bci/golang:1.22 , bci/golang:1.22.12 , bci/golang:1.22.12-2.48.22 , bci/golang:oldstable , bci/golang:oldstable-2.48.22 Container Release : 48.22 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:23:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:23:42 +0100 (CET) Subject: SUSE-CU-2025:798-1: Security update of bci/golang Message-ID: <20250212082342.0B6D2FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:798-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.19 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.19 Container Release : 55.19 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - libopenssl-3-devel-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:23:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:23:43 +0100 (CET) Subject: SUSE-CU-2025:799-1: Security update of bci/golang Message-ID: <20250212082343.1F952FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:799-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.21 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.21 Container Release : 55.21 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:24:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:24:11 +0100 (CET) Subject: SUSE-CU-2025:800-1: Security update of bci/golang Message-ID: <20250212082411.4B223FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:800-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.6 , bci/golang:1.23.6-1.48.22 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.48.22 Container Release : 48.22 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:24:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:24:44 +0100 (CET) Subject: SUSE-CU-2025:801-1: Security update of bci/golang Message-ID: <20250212082444.A3B11FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:801-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.18 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.18 Container Release : 55.18 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl-3-devel-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:24:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:24:45 +0100 (CET) Subject: SUSE-CU-2025:802-1: Security update of bci/golang Message-ID: <20250212082445.B7A17FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:802-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.20 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.20 Container Release : 55.20 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 08:25:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 09:25:02 +0100 (CET) Subject: SUSE-CU-2025:804-1: Security update of suse/helm Message-ID: <20250212082502.93EC6FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:804-1 Container Tags : suse/helm:3 , suse/helm:3.16 , suse/helm:3.16.3 , suse/helm:3.16.3-39.2 , suse/helm:latest Container Release : 39.2 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:06:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:06:54 +0100 (CET) Subject: SUSE-CU-2025:805-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250212120654.AECC7FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:805-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.39 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.39 , suse/ltss/sle15.3/sle15:latest Container Release : 2.39 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:372-1 Released: Wed Feb 5 16:35:47 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:400-1 Released: Mon Feb 10 10:38:14 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update rebuilds container-suseconnect against go1.23-openssl. 
The following package changes have been done:

- container-suseconnect-2.5.0-150000.4.58.1 updated
- curl-7.66.0-150200.4.84.1 updated
- libcurl4-7.66.0-150200.4.84.1 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:07:56 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:07:56 +0100 (CET)
Subject: SUSE-CU-2025:807-1: Security update of suse/ltss/sle15.4/sle15
Message-ID: <20250212120756.48A6EFC34@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:807-1
Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.21 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.21 , suse/ltss/sle15.4/sle15:latest
Container Release : 2.21
Severity : moderate
Type : security
References : 1216091 1229106 1232458 1234752 1235636 1236588 1236590 CVE-2025-0167 CVE-2025-0725
-----------------------------------------------------------------

The container suse/ltss/sle15.4/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:361-1
Released: Wed Feb 5 11:00:36 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1216091,1229106,1232458,1234752,1235636

This update for libzypp, zypper fixes the following issues:

- Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458)
- Fix missing UID checks in repomanager workflow
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
- Fix 'zypper ps' when running in incus container (bsc#1229106)
  Should apply to lxc and lxd containers as well
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- lr: Show the repositories keep-packages flag (bsc#1232458)
  It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there
- Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752)
  An update repo may contain a prolonged GPG key for the GA repo.
  Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo
- Refresh: restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:370-1
Released: Wed Feb 5 16:33:28 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725

This update for curl fixes the following issues:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:400-1
Released: Mon Feb 10 10:38:14 2025
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References:

This update rebuilds container-suseconnect against go1.23-openssl.

The following package changes have been done:

- container-suseconnect-2.5.0-150000.4.58.1 updated
- curl-8.0.1-150400.5.62.1 updated
- libcurl4-8.0.1-150400.5.62.1 updated
- libzypp-17.35.19-150400.3.110.1 updated
- zypper-1.14.81-150400.3.73.1 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:10:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:10:28 +0100 (CET)
Subject: SUSE-CU-2025:808-1: Security update of suse/ltss/sle15.5/sle15
Message-ID: <20250212121028.35FE9FC34@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.5/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:808-1
Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.11 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.11 , suse/ltss/sle15.5/sle15:latest
Container Release : 4.11
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:387-1
Released: Fri Feb 7 18:16:13 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:400-1
Released: Mon Feb 10 10:38:14 2025
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References:

This update rebuilds container-suseconnect against go1.23-openssl.

The following package changes have been done:

- container-suseconnect-2.5.0-150000.4.58.1 updated
- libopenssl3-3.0.8-150500.5.51.1 updated
- openssl-3-3.0.8-150500.5.51.1 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:10:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:10:43 +0100 (CET)
Subject: SUSE-CU-2025:804-1: Security update of suse/helm
Message-ID: <20250212121043.10AFEFC34@maintenance.suse.de>

SUSE Container Update Advisory: suse/helm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:804-1
Container Tags : suse/helm:3 , suse/helm:3.16 , suse/helm:3.16.3 , suse/helm:3.16.3-39.2 , suse/helm:latest
Container Release : 39.2
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/helm was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).

The following package changes have been done:

- libopenssl3-3.1.4-150600.5.24.1 updated
- openssl-3-3.1.4-150600.5.24.1 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:11:03 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:11:03 +0100 (CET)
Subject: SUSE-CU-2025:810-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20250212121103.53154FC34@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:810-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.98 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.98
Severity : moderate
Type : security
References : 1236136 CVE-2024-13176
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
The following package changes have been done:

- libopenssl3-3.1.4-150600.5.24.1 updated
- openssl-3-3.1.4-150600.5.24.1 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:11:29 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:11:29 +0100 (CET)
Subject: SUSE-CU-2025:811-1: Security update of bci/bci-init
Message-ID: <20250212121129.4C2E9FC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:811-1
Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.30.18 , bci/bci-init:latest
Container Release : 30.18
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container bci/bci-init was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:11:57 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:11:57 +0100 (CET)
Subject: SUSE-CU-2025:812-1: Security update of bci/kiwi
Message-ID: <20250212121157.009DCFC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:812-1
Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.30 , bci/kiwi:latest
Container Release : 20.30
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container bci/kiwi was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- openssl-3-3.1.4-150600.5.24.1 updated
- container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:12:08 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:12:08 +0100 (CET)
Subject: SUSE-CU-2025:814-1: Recommended update of bci/bci-micro
Message-ID: <20250212121208.DAF9FFC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:814-1
Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.29.3 , bci/bci-micro:latest
Container Release : 29.3
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container bci/bci-micro was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:433-1
Released: Tue Feb 11 17:40:33 2025
Summary: Recommended update for skelcd
Type: recommended
Severity: moderate
References:

This update for skelcd fixes the following issues:

- add SUSE logo into BCI skelcd (jsc#PED-12111)
- Update EULA with SLE BCI section (jsc#SLE-18082)
  Else in case beta EULAs have a more recent date than final EULAs

The following package changes have been done:

- skelcd-EULA-bci-20250207-150600.3.3.1 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:12:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:12:43 +0100 (CET)
Subject: SUSE-CU-2025:816-1: Security update of suse/nginx
Message-ID: <20250212121243.8150CFC34@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:816-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.19 , suse/nginx:latest
Container Release : 51.19
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container suse/nginx was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:13:10 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:13:10 +0100 (CET)
Subject: SUSE-CU-2025:817-1: Security update of bci/nodejs
Message-ID: <20250212121310.975CDFC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:817-1
Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.22 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.22 , bci/nodejs:latest
Container Release : 48.22
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:13:13 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:13:13 +0100 (CET)
Subject: SUSE-CU-2025:818-1: Security update of bci/nodejs
Message-ID: <20250212121313.CB166FC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:818-1
Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.11 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.11
Container Release : 31.11
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:13:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:13:50 +0100 (CET)
Subject: SUSE-CU-2025:819-1: Security update of bci/openjdk-devel
Message-ID: <20250212121350.A5A36FC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:819-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-32.22 , bci/openjdk-devel:latest
Container Release : 32.22
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- openssl-3-3.1.4-150600.5.24.1 updated
- container:bci-openjdk-21-aca97a907e425f3f48eb10ba2fd2854e5b43053ba4b773a07ca9d3f74358987d-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:14:18 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:14:18 +0100 (CET)
Subject: SUSE-CU-2025:820-1: Security update of bci/openjdk
Message-ID: <20250212121418.80916FC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:820-1
Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-32.20 , bci/openjdk:latest
Container Release : 32.20
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- openssl-3-3.1.4-150600.5.24.1 updated
- container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:14:38 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:14:38 +0100 (CET)
Subject: SUSE-CU-2025:821-1: Security update of suse/pcp
Message-ID: <20250212121438.BE148FC34@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:821-1
Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.21 , suse/pcp:latest
Container Release : 42.21
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container suse/pcp was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- container:bci-bci-init-15.6-1f7bc837888227da3caf973f8b503f99a21ea9a2ea35db89ea4e69b35254042d-0 updated

From sle-container-updates at lists.suse.com Wed Feb 12 12:15:00 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 12 Feb 2025 13:15:00 +0100 (CET)
Subject: SUSE-CU-2025:822-1: Security update of bci/php-apache
Message-ID: <20250212121500.CCEE2FC34@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:822-1
Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.22 , bci/php-apache:latest
Container Release : 48.22
Severity : moderate
Type : security
References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:15:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:15:24 +0100 (CET) Subject: SUSE-CU-2025:823-1: Security update of bci/php-fpm Message-ID: <20250212121524.06029FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:823-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.21 , bci/php-fpm:latest Container Release : 48.21 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:15:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:15:44 +0100 (CET) Subject: SUSE-CU-2025:824-1: Security update of bci/php Message-ID: <20250212121544.98CB3FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:824-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.18 , bci/php:latest Container Release : 48.18 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. 
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:16:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:16:05 +0100 (CET) Subject: SUSE-CU-2025:826-1: Security update of suse/postgres Message-ID: <20250212121605.EEDA0FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:826-1 Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-59.2 Container Release : 59.2 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:16:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:16:12 +0100 (CET) Subject: SUSE-CU-2025:829-1: Security update of suse/postgres Message-ID: <20250212121612.655E2FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:829-1 Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-40.2 , suse/postgres:latest Container Release : 40.2 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:16:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:16:44 +0100 (CET) Subject: SUSE-CU-2025:831-1: Security update of bci/python Message-ID: <20250212121644.CE4EDFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:831-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.10 , bci/python:3.11.10-61.19 Container Release : 61.19 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:17:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:17:15 +0100 (CET) Subject: SUSE-CU-2025:832-1: Security update of bci/python Message-ID: <20250212121715.CE7D7FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:832-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-61.20 , bci/python:latest Container Release : 61.20 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:33:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:33:21 +0100 (CET) Subject: SUSE-CU-2025:832-1: Security update of bci/python Message-ID: <20250212123321.0FF4EFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:832-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-61.20 , bci/python:latest Container Release : 61.20 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. 
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:33:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:33:44 +0100 (CET) Subject: SUSE-CU-2025:834-1: Security update of bci/python Message-ID: <20250212123344.08805FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:834-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.19 Container Release : 60.19 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:34:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:34:00 +0100 (CET) Subject: SUSE-CU-2025:836-1: Security update of suse/rmt-mariadb-client Message-ID: <20250212123400.26EF6FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:836-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-55.2 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11.9 , suse/rmt-mariadb-client:10.11.9-55.2 , suse/rmt-mariadb-client:latest Container Release : 55.2 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:34:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:34:19 +0100 (CET) Subject: SUSE-CU-2025:839-1: Security update of suse/rmt-mariadb Message-ID: <20250212123419.149D4FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:839-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-61.2 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-61.2 , suse/rmt-mariadb:latest Container Release : 61.2 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:34:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:34:32 +0100 (CET) Subject: SUSE-CU-2025:841-1: Security update of suse/rmt-server Message-ID: <20250212123432.07687FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:841-1 Container Tags : suse/rmt-server:2.21 , suse/rmt-server:2.21-56.20 , suse/rmt-server:latest Container Release : 56.20 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:34:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:34:55 +0100 (CET) Subject: SUSE-CU-2025:842-1: Security update of bci/ruby Message-ID: <20250212123455.51AEEFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:842-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.22 , bci/ruby:latest Container Release : 31.22 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:35:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:35:15 +0100 (CET) Subject: SUSE-CU-2025:843-1: Security update of bci/rust Message-ID: <20250212123515.4699AFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:843-1 Container Tags : bci/rust:1.82 , bci/rust:1.82.0 , bci/rust:1.82.0-2.2.17 , bci/rust:oldstable , bci/rust:oldstable-2.2.17 Container Release : 2.17 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. 
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:35:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:35:34 +0100 (CET) Subject: SUSE-CU-2025:844-1: Security update of bci/rust Message-ID: <20250212123534.C916BFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:844-1 Container Tags : bci/rust:1.83 , bci/rust:1.83.0 , bci/rust:1.83.0-1.2.17 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.17 Container Release : 2.17 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:35:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:35:42 +0100 (CET) Subject: SUSE-CU-2025:845-1: Security update of containers/apache-tomcat Message-ID: <20250212123542.D6F5CFC34@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:845-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.18 Container Release : 62.18 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:35:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:35:54 +0100 (CET) Subject: SUSE-CU-2025:847-1: Security update of containers/apache-tomcat Message-ID: <20250212123554.328FEFC34@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:847-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.18 Container Release : 62.18 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:36:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:36:06 +0100 (CET) Subject: SUSE-CU-2025:849-1: Security update of containers/apache-tomcat Message-ID: <20250212123606.893E5FC34@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:849-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.18 Container Release : 62.18 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:36:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:36:17 +0100 (CET) Subject: SUSE-CU-2025:851-1: Security update of containers/apache-tomcat Message-ID: <20250212123617.853E8FC34@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:851-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.19 Container Release : 62.19 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:36:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:36:28 +0100 (CET) Subject: SUSE-CU-2025:853-1: Security update of containers/apache-tomcat Message-ID: <20250212123628.83428FC34@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:853-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.19 Container Release : 62.19 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:36:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:36:38 +0100 (CET) Subject: SUSE-CU-2025:855-1: Security update of containers/apache-tomcat Message-ID: <20250212123638.22887FC34@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:855-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.19 Container Release : 62.19 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:36:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:36:47 +0100 (CET) Subject: SUSE-CU-2025:857-1: Security update of containers/apache-tomcat Message-ID: <20250212123647.8ABA2FC34@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:857-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.19 Container Release : 62.19 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:36:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:36:56 +0100 (CET) Subject: SUSE-CU-2025:859-1: Security update of containers/python Message-ID: <20250212123656.72363FC34@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:859-1 Container Tags : containers/python:3.11 , containers/python:3.11.10 , containers/python:3.11.10-44.18 Container Release : 44.18 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:37:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:37:02 +0100 (CET) Subject: SUSE-CU-2025:860-1: Security update of containers/python Message-ID: <20250212123702.95BF8FC34@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:860-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.20 Container Release : 51.20 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container containers/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:37:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:37:20 +0100 (CET) Subject: SUSE-CU-2025:861-1: Security update of suse/sle15 Message-ID: <20250212123720.D0EDEFC34@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:861-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.7 , suse/sle15:15.6 , suse/sle15:15.6.47.20.7 Container Release : 47.20.7 Severity : moderate Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:400-1 Released: Mon Feb 10 10:38:14 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update rebuilds container-suseconnect against go1.23-openssl. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:433-1 Released: Tue Feb 11 17:40:33 2025 Summary: Recommended update for skelcd Type: recommended Severity: moderate References: This update for skelcd fixes the following issues: - add SUSE logo into BCI skelcd (jsc#PED-12111) - Update EULA with SLE BCI section (jsc#SLE-18082) Else in case beta EULAs have a more recent date than final EULAs The following package changes have been done: - container-suseconnect-2.5.0-150000.4.58.1 updated - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - skelcd-EULA-bci-20250207-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:37:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:37:45 +0100 (CET) Subject: SUSE-CU-2025:862-1: Security update of bci/spack Message-ID: <20250212123745.D4D2EFC34@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:862-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-2.1 , bci/spack:latest Container Release : 2.1 Severity : important Type : security References : 1235144 1235873 1236267 1236460 1236588 1236590 CVE-2022-49043 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container bci/spack was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4671-1 Released: Wed Dec 6 14:33:41 2023 Summary: Recommended update for man Type: recommended Severity: moderate References: This update of man fixes the following problem: - The 'man' command is delivered to SUSE Linux Enterprise Micro to allow browsing man pages. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:323-1 Released: Mon Feb 3 09:12:14 2025 Summary: Feature update for spack Type: feature Severity: moderate References: 1235144 This update for spack fixes the following issues: spack was updated from version 0.21.3 to 0.23.0: - Improved documentation generation (bsc#1235144) - Version v0.23.0: * New features: + Spec splicing + Broader variant propagation + Ability to query specs by namespace + `spack spec` now respects environment settings and `unify:true` + Improved and polished `spack spec` and `spack find -c` output + The command `spack -C ` allows using an environment's configuration without activation * New commands, options, and directives: + The new `spack env track` command takes a non-managed Spack environment and adds a symlink to Spack's `$environments_root` directory.
+ Added `-t` short option for `spack --backtrace` to output backtrace errors + `gc` now allows garbage-collecting specific packages through the command line + `oci buildcaches` now supports the option `--only=package` * Highlighted bugfixes: + Externals no longer override the preferred provider + Composable `cflags` + Fixed concretizer Unification for included environments * Deprecations, removals, and syntax changes: + The old concretizer has been removed from Spack, along with the `config:concretizer` config option + Best-effort expansion of spec matrices has been removed + The old Cray `platform` (based on Cray PE modules) has been removed, and `platform=cray` is no longer supported + The `config:install_missing_compilers` config option has been deprecated + Config options that were deprecated in `v0.21` have been removed + Spack's old test interface has been removed + The `spack versions --safe-only` option, deprecated since `v0.21.0`, has been removed + The `--dependencies` and `--optimize` arguments to `spack ci` have been deprecated - Version 0.22.2: * Bugs fixed: + Bumped vendored `archspec` for better aarch64 support + Fixed regression in `{variants.X}` and `{variants.X.value}` format strings + Ensure shell escaping of environment variable values in load and activate commands + Fixed an issue where `spec[pkg]` considers specs outside the current DAG + Do not halt concretization on unknown variants in externals + Improved validation of `develop` config section + Explicitly disable `ccache` if turned off in config, to avoid cache pollution + Improved backwards compatibility in `include_concrete` + Fixed issue where package tags were sometimes repeated + Make `setup-env.sh` 'sourced only' by dropping execution bits + Make certain source/binary fetch errors recoverable instead of a hard error + Do not initialize previous store state in `use_store` - Update to 0.22.1.
* Bugs fixed: + Fix reuse of externals on Linux + Ensure parent gcc-runtime version >= child + Ensure the latest gcc-runtime is rpath'ed when multiple exist among link deps + Improve version detection of glibc + Improve heuristics for solver + Make strong preferences override reuse + Reduce verbosity when C compiler is missing + Make missing ccache executable an error when required + Make every environment view containing `python` a `venv` + Fix external detection for compilers with os but no target. + Fix version optimization for roots. + Handle common implementations of pagination of tags in OCI build caches. + Apply fetched patches to develop specs + Avoid Windows wrappers for filesystem utilities on non-Windows + Fix formatting issue in `spack audit` * Other changes: + Give 'site' scope a lower precedence than 'system' scope - Version 0.22.0: * New features: + Compiler dependencies are moving from `compilers.yaml` to `packages.yaml` + Improved spack find UI for Environments + Improved command-line string quoting + Revert default spack install behavior to `--reuse` + The `install` command now offers three options + More control over reused specs + New `conflict:` and `prefer:` syntax for package preferences + `include_concrete` in environments + `python-venv` isolation + Packages can now specify whether they may be distributed in source or binary form * Removals, deprecations, and syntax changes: + Removed `dpcpp` compiler and package + `spack load`: removed `--only` argument * Bugs fixed: + repo.py: drop deleted packages from provider cache + Allow `+` in module file names + `cmd/python`: use runpy to allow multiprocessing in scripts + Show extension commands with `spack -h` + Support environment variable expansion inside module projections + Alert user to failed concretizations + `shell`: fix `zsh` color formatting for PS1 in environments + `spack mirror create --all`: include patches ----------------------------------------------------------------- Advisory 
ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. 
[bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - libxml2-2-2.10.3-150500.5.20.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - permissions-20240826-150600.10.15.2 updated - system-user-nobody-20170617-150400.24.2.1 added - curl-8.6.0-150600.4.21.1 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - libgfortran4-7.5.0+r278197-150000.4.44.1 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.44.1 updated - libcurl-devel-8.6.0-150600.4.21.1 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - gcc7-fortran-7.5.0+r278197-150000.4.44.1 updated - gcc7-c++-7.5.0+r278197-150000.4.44.1 updated - spack-recipes-0.23.0-150400.21.1 updated - spack-0.23.0-150400.21.1 updated - container:registry.suse.com-bci-bci-base-15.6-704e04e61fd1d03d01bb73f644d97e12468d7e0d4a2671f88f736f268cae8832-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:37:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:37:46 +0100 (CET) Subject: SUSE-CU-2025:863-1: Security update of bci/spack Message-ID: <20250212123746.8AB75FC34@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:863-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-2.3 , bci/spack:latest Container Release : 2.3 Severity : moderate 
Type : security References : 1236136 1236619 CVE-2024-13176 CVE-2025-24528 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - libopenssl-3-devel-3.1.4-150600.5.24.1 updated - container:registry.suse.com-bci-bci-base-15.6-6a84d2c0be31aa11bda26eb3f9c125564be351c68d9e85639bdb2428a02e466b-0 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:37:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:37:48 +0100 (CET) Subject: SUSE-CU-2025:864-1: Security update of suse/stunnel Message-ID: <20250212123748.17D95FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:864-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-37.6 , suse/stunnel:latest Container Release : 37.6 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Wed Feb 12 12:50:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 12 Feb 2025 13:50:40 +0100 (CET) Subject: SUSE-CU-2025:864-1: Security update of suse/stunnel Message-ID: <20250212125040.22168FC34@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:864-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-37.6 , suse/stunnel:latest Container Release : 37.6 Severity : moderate Type : security References : 1236136 CVE-2024-13176 ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
The following package changes have been done: - libopenssl3-3.1.4-150600.5.24.1 updated From sle-container-updates at lists.suse.com Thu Feb 13 12:11:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Feb 2025 13:11:33 +0100 (CET) Subject: SUSE-IU-2025:585-1: Security update of suse-sles-15-sp5-chost-byos-v20250212-x86_64-gen2 Message-ID: <20250213121133.C6336FC34@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20250212-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:585-1 Image Tags : suse-sles-15-sp5-chost-byos-v20250212-x86_64-gen2:20250212 Image Release : Severity : important Type : security References : 1185551 1212476 1216091 1219680 1227237 1229106 1230795 1232458 1234444 1234752 1235636 1235991 1235992 1236136 1236460 1236588 1236590 1236596 1236619 CVE-2021-31879 CVE-2022-49043 CVE-2024-11187 CVE-2024-13176 CVE-2025-0167 CVE-2025-0725 CVE-2025-24528 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20250212-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:287-1 Released: Wed Jan 29 16:24:46 2025 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1212476,1219680,1227237 This update for cloud-init fixes the following issues: - remove dependency on /usr/bin/python3 via using the macros (bsc#1212476). + Brute force approach to skip renames if the device is already present - cloud-init: Wait for udev once if we cannot find the expected MAC (bsc#1227237). - cloud-init: rename devices below VLAN fails again/on SLES 15 SP5 (bsc#1219680). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:304-1 Released: Thu Jan 30 15:52:19 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:321-1 Released: Mon Feb 3 08:37:56 2025 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1235991,1235992 This update for python-instance-billing-flavor-check fixes the following issues: - Add time stamp to log (bsc#1235991, bsc#1235992) - Doc improvements clarifying exit status codes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:334-1 Released: Mon Feb 3 15:17:03 2025 Summary: Recommended update for azure-vm-utils Type: recommended Severity: important References: This update for azure-vm-utils includes the following fixes: - Include in SLE-15 and SLFO (jsc#PED-11608) - Add sed invocation to adjust path to bash interpreter on SLE-12 - Initial packaging (0.4.0). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:345-1 Released: Mon Feb 3 21:03:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:359-1 Released: Wed Feb 5 10:08:48 2025 Summary: Security update for bind Type: security Severity: important References: 1236596,CVE-2024-11187 This update for bind fixes the following issues: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:362-1 Released: Wed Feb 5 11:01:18 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. 
(bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. - Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:366-1 Released: Wed Feb 5 11:57:42 2025 Summary: Security update for wget Type: security Severity: moderate References: 1185551,1230795,CVE-2021-31879 This update for wget fixes the following issues: - CVE-2021-31879: Authorization header disclosed upon redirects to different origins. 
(bsc#1185551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:437-1 Released: Wed Feb 12 06:04:18 2025 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: important References: 1234444 This update for python-instance-billing-flavor-check fixes the following issues: - Improve detection of IPv4 and IPv6 network setup and use appropriate IP version to access the update servers (bsc#1234444) - Improve reliability of flavor detection, use cached value in case of timeout (bsc#1234444) The following package changes have been done: - azure-vm-utils-0.4.0-150500.11.3.2 added - bind-utils-9.16.50-150500.8.24.1 updated - cloud-init-config-suse-23.3-150100.8.85.4 updated - cloud-init-23.3-150100.8.85.4 updated - curl-8.0.1-150400.5.62.1 updated - krb5-1.20.1-150500.3.12.1 updated - libcurl4-8.0.1-150400.5.62.1 updated - libopenssl1_1-1.1.1l-150500.17.40.1 updated - libxml2-2-2.10.3-150500.5.20.1 updated - libzypp-17.35.19-150500.6.36.1 updated - openssl-1_1-1.1.1l-150500.17.40.1 updated - python-instance-billing-flavor-check-0.1.2-150000.1.17.1 updated - python3-bind-9.16.50-150500.8.24.1 updated - wget-1.20.3-150000.3.29.1 updated - zypper-1.14.81-150500.6.20.1 updated From sle-container-updates at lists.suse.com Thu Feb 13 12:11:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Feb 2025 13:11:44 +0100 (CET) Subject: SUSE-IU-2025:586-1: Security update of 
suse-sles-15-sp5-chost-byos-v20250212-hvm-ssd-x86_64 Message-ID: <20250213121144.36952FC34@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20250212-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:586-1 Image Tags : suse-sles-15-sp5-chost-byos-v20250212-hvm-ssd-x86_64:20250212 Image Release : Severity : important Type : security References : 1185551 1212476 1216091 1219680 1227237 1229106 1230795 1232458 1234444 1234752 1235636 1235991 1235992 1236136 1236460 1236588 1236590 1236596 1236619 CVE-2021-31879 CVE-2022-49043 CVE-2024-11187 CVE-2024-13176 CVE-2025-0167 CVE-2025-0725 CVE-2025-24528 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20250212-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:287-1 Released: Wed Jan 29 16:24:46 2025 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1212476,1219680,1227237 This update for cloud-init fixes the following issues: - remove dependency on /usr/bin/python3 via using the macros (bsc#1212476). + Brute force approach to skip renames if the device is already present - cloud-init: Wait for udev once if we cannot find the expected MAC (bsc#1227237). - cloud-init: rename devices below VLAN fails again/on SLES 15 SP5 (bsc#1219680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:304-1 Released: Thu Jan 30 15:52:19 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:321-1 Released: Mon Feb 3 08:37:56 2025 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1235991,1235992 This update for python-instance-billing-flavor-check fixes the following issues: - Add time stamp to log (bsc#1235991, bsc#1235992) - Doc improvements clarifying exit status codes ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:345-1 Released: Mon Feb 3 21:03:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:359-1 Released: Wed Feb 5 10:08:48 2025 Summary: Security update for bind Type: security Severity: important References: 1236596,CVE-2024-11187 This update for bind fixes the following issues: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:362-1 Released: Wed Feb 5 11:01:18 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. 
- Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:366-1 Released: Wed Feb 5 11:57:42 2025 Summary: Security update for wget Type: security Severity: moderate References: 1185551,1230795,CVE-2021-31879 This update for wget fixes the following issues: - CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:437-1 Released: Wed Feb 12 06:04:18 2025 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: important References: 1234444 This update for python-instance-billing-flavor-check fixes the following issues: - Improve detection of IPv4 and IPv6 network setup and use appropriate IP version to access the update servers (bsc#1234444) - Improve reliability of flavor detection, use cached value in case of timeout (bsc#1234444) The following package changes have been done: - bind-utils-9.16.50-150500.8.24.1 updated - cloud-init-config-suse-23.3-150100.8.85.4 updated - cloud-init-23.3-150100.8.85.4 updated - curl-8.0.1-150400.5.62.1 updated - krb5-1.20.1-150500.3.12.1 updated - libcurl4-8.0.1-150400.5.62.1 updated - libopenssl1_1-1.1.1l-150500.17.40.1 updated - libxml2-2-2.10.3-150500.5.20.1 updated - libzypp-17.35.19-150500.6.36.1 updated - openssl-1_1-1.1.1l-150500.17.40.1 updated - 
python-instance-billing-flavor-check-0.1.2-150000.1.17.1 updated - python3-bind-9.16.50-150500.8.24.1 updated - wget-1.20.3-150000.3.29.1 updated - zypper-1.14.81-150500.6.20.1 updated From sle-container-updates at lists.suse.com Thu Feb 13 12:12:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Feb 2025 13:12:03 +0100 (CET) Subject: SUSE-IU-2025:587-1: Security update of sles-15-sp5-chost-byos-v20250212-arm64 Message-ID: <20250213121203.1A0DCFC34@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20250212-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:587-1 Image Tags : sles-15-sp5-chost-byos-v20250212-arm64:20250212 Image Release : Severity : important Type : security References : 1185551 1216091 1225974 1229106 1230795 1232458 1234254 1234255 1234289 1234293 1234444 1234752 1235636 1235991 1235992 1236136 1236406 1236407 1236460 1236588 1236590 1236596 1236619 CVE-2021-31879 CVE-2022-49043 CVE-2024-11187 CVE-2024-13176 CVE-2024-24790 CVE-2025-0167 CVE-2025-0725 CVE-2025-24528 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20250212-arm64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:276-1 Released: Tue Jan 28 21:38:15 2025 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1234254,1234255,1234289,1234293 This update for google-guest-configs fixes the following issues: - Update to version 20241205.00 (bsc#1234254, bsc#1234255) - Avoid duplicate entries for the metadata server in /etc/hosts (bsc#1234289, bsc#1234293) - Include components to set hostname and /etc/hosts entries (bsc#1234289, bsc#1234293) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:302-1 Released: Thu Jan 30 15:50:21 2025 Summary: Security update for google-osconfig-agent Type: security Severity: moderate References: 1225974,1236406,1236407,CVE-2024-24790 This update for google-osconfig-agent fixes the following issues: - Update to version 20250115.01 (bsc#1236406, bsc#1236407) - CVE-2024-24790: Bump the golang compiler version to 1.22.4 (bsc#1225974) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:304-1 Released: Thu Jan 30 15:52:19 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:321-1 Released: Mon Feb 3 08:37:56 2025 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1235991,1235992 This update for python-instance-billing-flavor-check fixes the following issues: - Add time stamp to log (bsc#1235991, bsc#1235992) - Doc improvements clarifying exit status codes ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:345-1 Released: Mon Feb 3 21:03:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:359-1 Released: Wed Feb 5 10:08:48 2025 Summary: Security update for bind Type: security Severity: important References: 1236596,CVE-2024-11187 This update for bind fixes the following issues: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:362-1 Released: Wed Feb 5 11:01:18 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. 
- Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:366-1 Released: Wed Feb 5 11:57:42 2025 Summary: Security update for wget Type: security Severity: moderate References: 1185551,1230795,CVE-2021-31879 This update for wget fixes the following issues: - CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:370-1 Released: Wed Feb 5 16:33:28 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:437-1 Released: Wed Feb 12 06:04:18 2025 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: important References: 1234444 This update for python-instance-billing-flavor-check fixes the following issues: - Improve detection of IPv4 and IPv6 network setup and use appropriate IP version to access the update servers (bsc#1234444) - Improve reliability of flavor detection, use cached value in case of timeout (bsc#1234444) The following package changes have been done: - bind-utils-9.16.50-150500.8.24.1 updated - curl-8.0.1-150400.5.62.1 updated - google-guest-configs-20241205.00-150400.13.17.1 updated - google-osconfig-agent-20250115.01-150000.1.41.1 updated - krb5-1.20.1-150500.3.12.1 updated - libcurl4-8.0.1-150400.5.62.1 updated - libopenssl1_1-1.1.1l-150500.17.40.1 updated - libxml2-2-2.10.3-150500.5.20.1 updated - libzypp-17.35.19-150500.6.36.1 updated - openssl-1_1-1.1.1l-150500.17.40.1 updated - 
python-instance-billing-flavor-check-0.1.2-150000.1.17.1 updated - python3-bind-9.16.50-150500.8.24.1 updated - wget-1.20.3-150000.3.29.1 updated - zypper-1.14.81-150500.6.20.1 updated From sle-container-updates at lists.suse.com Thu Feb 13 12:12:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Feb 2025 13:12:09 +0100 (CET) Subject: SUSE-IU-2025:589-1: Security update of suse-sles-15-sp6-chost-byos-v20250212-x86_64-gen2 Message-ID: <20250213121209.A331CFC34@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250212-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:589-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250212-x86_64-gen2:20250212 Image Release : Severity : important Type : security References : 1185551 1212476 1216091 1219680 1227237 1229106 1230795 1232458 1234444 1234752 1235636 1235873 1235991 1235992 1236136 1236460 1236588 1236590 1236596 1236597 1236619 CVE-2021-31879 CVE-2022-49043 CVE-2024-11187 CVE-2024-12705 CVE-2024-13176 CVE-2025-0167 CVE-2025-0725 CVE-2025-24528 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250212-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:287-1 Released: Wed Jan 29 16:24:46 2025 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1212476,1219680,1227237 This update for cloud-init fixes the following issues: - remove dependency on /usr/bin/python3 via using the macros (bsc#1212476). + Brute force approach to skip renames if the device is already present - cloud-init: Wait for udev once if we cannot find the expected MAC (bsc#1227237). - cloud-init: rename devices below VLAN fails again/on SLES 15 SP5 (bsc#1219680). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:321-1 Released: Mon Feb 3 08:37:56 2025 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1235991,1235992 This update for python-instance-billing-flavor-check fixes the following issues: - Add time stamp to log (bsc#1235991, bsc#1235992) - Doc improvements clarifying exit status codes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:334-1 Released: Mon Feb 3 15:17:03 2025 Summary: Recommended update for azure-vm-utils Type: recommended Severity: important References: This update for azure-vm-utils includes the following fixes: - Include in SLE-15 and SLFO (jsc#PED-11608) - Add sed invocation to adjust path to bash interpreter on SLE-12 - Initial packaging (0.4.0). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:355-1 Released: Tue Feb 4 13:59:25 2025 Summary: Security update for bind Type: security Severity: important References: 1236596,1236597,CVE-2024-11187,CVE-2024-12705 This update for bind fixes the following issues: Update to release 9.18.33 Security Fixes: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) - CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:358-1 Released: Wed Feb 5 10:06:22 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1235873 This update for permissions fixes the following issues: - Version update 20240826: * permissions: remove legacy and nonsensical entries. * permissions: remove traceroute entry. * permissions: remove outdated sudo directories. * permissions: remove legacy RPM directory entries. * permissions: remove some static /var/spool/* dirs. * permissions: remove unnecessary static dirs and devices (bsc#1235873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:363-1 Released: Wed Feb 5 11:01:45 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. 
(bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. - Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. 
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:425-1 Released: Tue Feb 11 11:33:14 2025 Summary: Security update for wget Type: security Severity: moderate References: 1185551,1230795,CVE-2021-31879 This update for wget fixes the following issues: - CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:437-1 Released: Wed Feb 12 06:04:18 2025 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: important References: 1234444 This update for python-instance-billing-flavor-check fixes the following issues: - Improve detection of IPv4 and IPv6 network setup and use appropriate IP version to access the update servers (bsc#1234444) - Improve reliability of flavor detection, use cached value in case of timeout (bsc#1234444) The following package changes have been done: - azure-vm-utils-0.4.0-150500.11.3.2 added - bind-utils-9.18.33-150600.3.6.1 updated - cloud-init-config-suse-23.3-150100.8.85.4 updated - cloud-init-23.3-150100.8.85.4 updated - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libxml2-2-2.10.3-150500.5.20.1 updated - libzypp-17.35.19-150600.3.44.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - permissions-20240826-150600.10.15.2 updated - python-instance-billing-flavor-check-0.1.2-150000.1.17.1 updated - wget-1.20.3-150600.19.12.1 updated - zypper-1.14.81-150600.10.22.1 updated From sle-container-updates at lists.suse.com Thu Feb 13 12:12:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 13 Feb 2025 13:12:13 +0100 (CET) Subject: SUSE-IU-2025:590-1: Security update of suse-sles-15-sp6-chost-byos-v20250212-hvm-ssd-x86_64 Message-ID: <20250213121213.B0C2BFC34@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250212-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:590-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250212-hvm-ssd-x86_64:20250212 Image Release : Severity : important Type : security References : 1185551 1212476 1216091 1219680 1227237 
1229106 1230795 1232458 1234444 1234752 1235636 1235873 1235991 1235992 1236136 1236460 1236588 1236590 1236596 1236597 1236619 CVE-2021-31879 CVE-2022-49043 CVE-2024-11187 CVE-2024-12705 CVE-2024-13176 CVE-2025-0167 CVE-2025-0725 CVE-2025-24528
-----------------------------------------------------------------

The container suse-sles-15-sp6-chost-byos-v20250212-hvm-ssd-x86_64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:287-1
Released: Wed Jan 29 16:24:46 2025
Summary: Recommended update for cloud-init
Type: recommended
Severity: moderate
References: 1212476,1219680,1227237

This update for cloud-init fixes the following issues:

- remove dependency on /usr/bin/python3 via using the macros (bsc#1212476).
  + Brute force approach to skip renames if the device is already present
- cloud-init: Wait for udev once if we cannot find the expected MAC (bsc#1227237).
- cloud-init: rename devices below VLAN fails again/on SLES 15 SP5 (bsc#1219680).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:321-1
Released: Mon Feb 3 08:37:56 2025
Summary: Recommended update for python-instance-billing-flavor-check
Type: recommended
Severity: moderate
References: 1235991,1235992

This update for python-instance-billing-flavor-check fixes the following issues:

- Add time stamp to log (bsc#1235991, bsc#1235992)
- Doc improvements clarifying exit status codes

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
  (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:355-1
Released: Tue Feb 4 13:59:25 2025
Summary: Security update for bind
Type: security
Severity: important
References: 1236596,1236597,CVE-2024-11187,CVE-2024-12705

This update for bind fixes the following issues:

Update to release 9.18.33

Security Fixes:

- CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)
- CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:358-1
Released: Wed Feb 5 10:06:22 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1235873

This update for permissions fixes the following issues:

- Version update 20240826:
  * permissions: remove legacy and nonsensical entries.
  * permissions: remove traceroute entry.
  * permissions: remove outdated sudo directories.
  * permissions: remove legacy RPM directory entries.
  * permissions: remove some static /var/spool/* dirs.
  * permissions: remove unnecessary static dirs and devices (bsc#1235873).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:363-1
Released: Wed Feb 5 11:01:45 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1216091,1229106,1232458,1234752,1235636

This update for libzypp, zypper fixes the following issues:

- Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458)
- Fix missing UID checks in repomanager workflow
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
- Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well.
  (bsc#1229106)
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- lr: show the repositories keep-packages flag (bsc#1232458)
  It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there.
- Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752)
  An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo.
- Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released: Wed Feb 5 16:32:36 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725

This update for curl fixes the following issues:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:425-1
Released: Tue Feb 11 11:33:14 2025
Summary: Security update for wget
Type: security
Severity: moderate
References: 1185551,1230795,CVE-2021-31879

This update for wget fixes the following issues:

- CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:437-1
Released: Wed Feb 12 06:04:18 2025
Summary: Recommended update for python-instance-billing-flavor-check
Type: recommended
Severity: important
References: 1234444

This update for python-instance-billing-flavor-check fixes the following issues:

- Improve detection of IPv4 and IPv6 network setup and use appropriate IP version to access the update servers (bsc#1234444)
- Improve reliability of flavor detection, use cached value in case of timeout (bsc#1234444)

The following package changes have been done:

- bind-utils-9.18.33-150600.3.6.1 updated
- cloud-init-config-suse-23.3-150100.8.85.4 updated
- cloud-init-23.3-150100.8.85.4 updated
- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- libcurl4-8.6.0-150600.4.21.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libxml2-2-2.10.3-150500.5.20.1 updated
- libzypp-17.35.19-150600.3.44.1 updated
- openssl-3-3.1.4-150600.5.24.1 updated
- permissions-20240826-150600.10.15.2 updated
- python-instance-billing-flavor-check-0.1.2-150000.1.17.1 updated
- wget-1.20.3-150600.19.12.1 updated
- zypper-1.14.81-150600.10.22.1 updated

From sle-container-updates at lists.suse.com Thu Feb 13 12:12:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 13 Feb 2025 13:12:20 +0100 (CET)
Subject: SUSE-IU-2025:591-1: Security update of sles-15-sp6-chost-byos-v20250212-arm64
Message-ID: <20250213121220.CBC8EFC34@maintenance.suse.de>

SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20250212-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:591-1
Image Tags : sles-15-sp6-chost-byos-v20250212-arm64:20250212
Image Release :
Severity : important
Type : security
References : 1185551 1216091 1225974 1229106 1230795 1232458 1234254 1234255 1234289 1234293 1234444 1234752 1235636 1235873 1235991 1235992
1236136 1236406 1236407 1236460 1236588 1236590 1236596 1236597 1236619 CVE-2021-31879 CVE-2022-49043 CVE-2024-11187 CVE-2024-12705 CVE-2024-13176 CVE-2024-24790 CVE-2025-0167 CVE-2025-0725 CVE-2025-24528
-----------------------------------------------------------------

The container sles-15-sp6-chost-byos-v20250212-arm64 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:276-1
Released: Tue Jan 28 21:38:15 2025
Summary: Recommended update for google-guest-configs
Type: recommended
Severity: moderate
References: 1234254,1234255,1234289,1234293

This update for google-guest-configs fixes the following issues:

- Update to version 20241205.00 (bsc#1234254, bsc#1234255)
- Avoid duplicate entries for the metadata server in /etc/hosts (bsc#1234289, bsc#1234293)
- Include components to set hostname and /etc/hosts entries (bsc#1234289, bsc#1234293)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:302-1
Released: Thu Jan 30 15:50:21 2025
Summary: Security update for google-osconfig-agent
Type: security
Severity: moderate
References: 1225974,1236406,1236407,CVE-2024-24790

This update for google-osconfig-agent fixes the following issues:

- Update to version 20250115.01 (bsc#1236406, bsc#1236407)
- CVE-2024-24790: Bump the golang compiler version to 1.22.4 (bsc#1225974)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:321-1
Released: Mon Feb 3 08:37:56 2025
Summary: Recommended update for python-instance-billing-flavor-check
Type: recommended
Severity: moderate
References: 1235991,1235992

This update for python-instance-billing-flavor-check fixes the following issues:

- Add time stamp to log (bsc#1235991, bsc#1235992)
- Doc improvements clarifying exit status codes

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:355-1
Released: Tue Feb 4 13:59:25 2025
Summary: Security update for bind
Type: security
Severity: important
References: 1236596,1236597,CVE-2024-11187,CVE-2024-12705

This update for bind fixes the following issues:

Update to release 9.18.33

Security Fixes:

- CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)
- CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:358-1
Released: Wed Feb 5 10:06:22 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1235873

This update for permissions fixes the following issues:

- Version update 20240826:
  * permissions: remove legacy and nonsensical entries.
  * permissions: remove traceroute entry.
  * permissions: remove outdated sudo directories.
  * permissions: remove legacy RPM directory entries.
  * permissions: remove some static /var/spool/* dirs.
  * permissions: remove unnecessary static dirs and devices (bsc#1235873).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:363-1
Released: Wed Feb 5 11:01:45 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1216091,1229106,1232458,1234752,1235636

This update for libzypp, zypper fixes the following issues:

- Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458)
- Fix missing UID checks in repomanager workflow
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
- Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106)
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- lr: show the repositories keep-packages flag (bsc#1232458)
  It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there.
- Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752)
  An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo.
- Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released: Wed Feb 5 16:32:36 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725

This update for curl fixes the following issues:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

- Add crypto-policies support; (jsc#PED-12018)
  * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
  * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:425-1
Released: Tue Feb 11 11:33:14 2025
Summary: Security update for wget
Type: security
Severity: moderate
References: 1185551,1230795,CVE-2021-31879

This update for wget fixes the following issues:

- CVE-2021-31879: Authorization header disclosed upon redirects to different origins.
  (bsc#1185551)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176

This update for openssl-3 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:437-1
Released: Wed Feb 12 06:04:18 2025
Summary: Recommended update for python-instance-billing-flavor-check
Type: recommended
Severity: important
References: 1234444

This update for python-instance-billing-flavor-check fixes the following issues:

- Improve detection of IPv4 and IPv6 network setup and use appropriate IP version to access the update servers (bsc#1234444)
- Improve reliability of flavor detection, use cached value in case of timeout (bsc#1234444)

The following package changes have been done:

- bind-utils-9.18.33-150600.3.6.1 updated
- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- google-guest-configs-20241205.00-150400.13.17.1 updated
- google-osconfig-agent-20250115.01-150000.1.41.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- libcurl4-8.6.0-150600.4.21.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libxml2-2-2.10.3-150500.5.20.1 updated
- libzypp-17.35.19-150600.3.44.1 updated
- openssl-3-3.1.4-150600.5.24.1 updated
- permissions-20240826-150600.10.15.2 updated
- python-instance-billing-flavor-check-0.1.2-150000.1.17.1 updated
- wget-1.20.3-150600.19.12.1 updated
- zypper-1.14.81-150600.10.22.1 updated

From sle-container-updates at lists.suse.com Thu Feb 13 12:15:06 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 13 Feb 2025 13:15:06 +0100 (CET)
Subject: SUSE-IU-2025:594-1: Security update of suse/sle-micro/5.5
Message-ID: <20250213121506.AC1B0FC34@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:594-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.238 , suse/sle-micro/5.5:latest
Image Release : 5.5.238
Severity : moderate
Type : security
References : 1227052 1236507 CVE-2023-45288 CVE-2024-6104
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:458-1
Released: Wed Feb 12 13:02:25 2025
Summary: Security update for podman
Type: security
Severity: moderate
References: 1227052,1236507,CVE-2023-45288,CVE-2024-6104

This update for podman fixes the following issues:

- CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. (bsc#1227052)
- CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2.
  (bsc#1236507)

The following package changes have been done:

- podman-4.9.5-150500.3.34.2 updated

From sle-container-updates at lists.suse.com Thu Feb 13 12:22:01 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 13 Feb 2025 13:22:01 +0100 (CET)
Subject: SUSE-CU-2025:884-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20250213122201.33FA5FC34@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:884-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.23 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.60.23
Severity : moderate
Type : security
References : 1216091 1229106 1232458 1234752 1235636 1236588 1236590 CVE-2025-0167 CVE-2025-0725
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:361-1
Released: Wed Feb 5 11:00:36 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1216091,1229106,1232458,1234752,1235636

This update for libzypp, zypper fixes the following issues:

- Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458)
- Fix missing UID checks in repomanager workflow
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
- Fix 'zypper ps' when running in incus container (bsc#1229106)
  Should apply to lxc and lxd containers as well
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- lr: Show the repositories keep-packages flag (bsc#1232458)
  It is shown in the details view or by using -k,--keep-packages.
  In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there
- Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752)
  An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo
- Refresh: restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:370-1
Released: Wed Feb 5 16:33:28 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725

This update for curl fixes the following issues:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.62.1 updated
- libzypp-17.35.19-150400.3.110.1 updated
- zypper-1.14.81-150400.3.73.1 updated
- curl-8.0.1-150400.5.62.1 updated
- container:sles15-ltss-image-15.4.0-2.21 updated

From sle-container-updates at lists.suse.com Thu Feb 13 12:22:37 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 13 Feb 2025 13:22:37 +0100 (CET)
Subject: SUSE-CU-2025:885-1: Security update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20250213122237.A9C52FC34@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:885-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.25 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.50.25
Severity : moderate
Type : security
References : 1216091 1229106 1232458
1234752 1235636 1236588 1236590 CVE-2025-0167 CVE-2025-0725
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:361-1
Released: Wed Feb 5 11:00:36 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1216091,1229106,1232458,1234752,1235636

This update for libzypp, zypper fixes the following issues:

- Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458)
- Fix missing UID checks in repomanager workflow
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
- Fix 'zypper ps' when running in incus container (bsc#1229106)
  Should apply to lxc and lxd containers as well
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- lr: Show the repositories keep-packages flag (bsc#1232458)
  It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there
- Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752)
  An update repo may contain a prolonged GPG key for the GA repo.
  Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo
- Refresh: restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:370-1
Released: Wed Feb 5 16:33:28 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725

This update for curl fixes the following issues:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

The following package changes have been done:

- libcurl4-8.0.1-150400.5.62.1 updated
- libzypp-17.35.19-150400.3.110.1 updated
- zypper-1.14.81-150400.3.73.1 updated
- curl-8.0.1-150400.5.62.1 updated
- container:sles15-ltss-image-15.4.0-2.21 updated

From sle-container-updates at lists.suse.com Fri Feb 14 08:03:05 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 14 Feb 2025 09:03:05 +0100 (CET)
Subject: SUSE-CU-2025:889-1: Recommended update of containers/milvus
Message-ID: <20250214080305.91E3FFC34@maintenance.suse.de>

SUSE Container Update Advisory: containers/milvus
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:889-1
Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.33
Container Release : 7.33
Severity : moderate
Type : recommended
References : 1236960
-----------------------------------------------------------------

The container containers/milvus was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:501-1
Released: Thu Feb 13 10:53:21 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1236960

This update for permissions fixes the following issues:

- Version update 20240826.
- Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960).

The following package changes have been done:

- permissions-20240826-150600.10.18.2 updated

From sle-container-updates at lists.suse.com Fri Feb 14 08:04:19 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 14 Feb 2025 09:04:19 +0100 (CET)
Subject: SUSE-IU-2025:615-1: Recommended update of suse/sle-micro/base-5.5
Message-ID: <20250214080419.5F0CCFC34@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:615-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.142 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.142
Severity : moderate
Type : recommended
References : 1231472
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472

This update for findutils fixes the following issue:

- fix crash when file system loop was encountered (bsc#1231472).

The following package changes have been done:

- findutils-4.8.0-150300.3.3.2 updated

From sle-container-updates at lists.suse.com Fri Feb 14 08:04:52 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 14 Feb 2025 09:04:52 +0100 (CET)
Subject: SUSE-IU-2025:616-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20250214080452.9457CFC34@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:616-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.275 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.275
Severity : moderate
Type : security
References : 1215192 1231472 CVE-2023-42467
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472

This update for findutils fixes the following issue:

- fix crash when file system loop was encountered (bsc#1231472).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:516-1
Released: Thu Feb 13 12:59:03 2025
Summary: Security update for qemu
Type: security
Severity: moderate
References: 1215192,CVE-2023-42467

This update for qemu fixes the following issues:

- CVE-2023-42467: Disallow block sizes smaller than 512 (bsc#1215192).

The following package changes have been done:

- findutils-4.8.0-150300.3.3.2 updated
- qemu-guest-agent-7.1.0-150500.49.30.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.142 updated

From sle-container-updates at lists.suse.com Fri Feb 14 08:05:45 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 14 Feb 2025 09:05:45 +0100 (CET)
Subject: SUSE-IU-2025:617-1: Recommended update of suse/sle-micro/rt-5.5
Message-ID: <20250214080545.C9C38FC34@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:617-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.315 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.315
Severity : moderate
Type : recommended
References : 1231472
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472

This update for findutils fixes the following issue:

- fix crash when file system loop was encountered (bsc#1231472).

The following package changes have been done:

- findutils-4.8.0-150300.3.3.2 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.240 updated

From sle-container-updates at lists.suse.com Fri Feb 14 08:06:49 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 14 Feb 2025 09:06:49 +0100 (CET)
Subject: SUSE-IU-2025:618-1: Recommended update of suse/sle-micro/5.5
Message-ID: <20250214080649.BBD01FC34@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:618-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.240 , suse/sle-micro/5.5:latest
Image Release : 5.5.240
Severity : moderate
Type : recommended
References : 1231472 1233265
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:505-1
Released: Thu Feb 13 11:33:42 2025
Summary: Recommended update for mdadm
Type: recommended
Severity: moderate
References: 1233265

This update for mdadm fixes the following issue:

- mdopen: add /sbin to PATH when call system('modprobe md_mod') (bsc#1233265).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472

This update for findutils fixes the following issue:

- fix crash when file system loop was encountered (bsc#1231472).
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - mdadm-4.2-150500.6.11.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.142 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:15:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:15:01 +0100 (CET) Subject: SUSE-CU-2025:893-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250214081501.7F467FC33@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:893-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.84 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.84 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:20:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:20:31 +0100 (CET) Subject: SUSE-CU-2025:895-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250214082032.03D1EFC33@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:895-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.84 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.84 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:25:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:25:25 +0100 (CET) Subject: SUSE-CU-2025:902-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250214082525.1E221FC33@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:902-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.22 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.22 , suse/ltss/sle15.4/sle15:latest Container Release : 2.22 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:28:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:28:14 +0100 (CET) Subject: SUSE-CU-2025:903-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250214082814.9E93AFC33@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:903-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.12 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.12 , suse/ltss/sle15.5/sle15:latest Container Release : 4.12 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:30:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:30:42 +0100 (CET) Subject: SUSE-CU-2025:910-1: Recommended update of suse/mariadb-client Message-ID: <20250214083042.B394CFC33@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:910-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-56.2 , suse/mariadb-client:latest Container Release : 56.2 Severity : moderate Type : recommended References : 1236960 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
The following package changes have been done: - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:30:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:30:58 +0100 (CET) Subject: SUSE-CU-2025:911-1: Recommended update of suse/rmt-server Message-ID: <20250214083058.9A62AFC33@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:911-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-36.2 , suse/rmt-server:latest Container Release : 36.2 Severity : moderate Type : recommended References : 1236960 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
The following package changes have been done: - permissions-20240826-150600.10.18.2 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:31:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:31:46 +0100 (CET) Subject: SUSE-CU-2025:913-1: Recommended update of bci/rust Message-ID: <20250214083146.9CE59FC33@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:913-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.0 , bci/rust:1.84.0-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:474-1 Released: Wed Feb 12 15:00:12 2025 Summary: Recommended update for rust Type: recommended Severity: moderate References: This update for rust fixes the following issues: - Update to version 1.84.0 - for details see the rust1.84 package Version 1.84.0 (2025-01-09) ========================== Language -------- - Allow `#[deny]` inside `#[forbid]` as a no-op - Show a warning when `-Ctarget-feature` is used to toggle features that can lead to unsoundness due to ABI mismatches - Use the next-generation trait solver in coherence - Allow coercions to drop the principal of trait objects - Support `/` as the path separator for `include!()` in all cases on Windows - Taking a raw ref (`raw (const|mut)`) of a deref of a pointer (`*ptr`) is now safe - Stabilize s390x inline assembly - Stabilize Arm64EC inline assembly - Lint against creating 
pointers to immediately dropped temporaries - Execute drop glue when unwinding in an `extern 'C'` function Compiler -------- - Add `--print host-tuple` flag to print the host target tuple and affirm the 'target tuple' terminology over 'target triple' - Declaring functions with a calling convention not supported on the current target now triggers a hard error - Set up indirect access to external data for `loongarch64-unknown-linux-{musl,ohos}` - Enable XRay instrumentation for LoongArch Linux targets - Extend the `unexpected_cfgs` lint to also warn in external macros - Stabilize WebAssembly `multivalue`, `reference-types`, and `tail-call` target features - Added Tier 2 support for the `wasm32v1-none` target Libraries --------- - Implement `From<&mut {slice}>` for `Box/Rc/Arc<{slice}>` - Move `::copysign`, `::abs`, `::signum` to `core` - Add `LowerExp` and `UpperExp` implementations to `NonZero` - Implement `FromStr` for `CString` and `TryFrom` for `String` - `std::os::darwin` has been made public Stabilized APIs --------------- - `Ipv6Addr::is_unique_local` https://doc.rust-lang.org/stable/core/net/struct.Ipv6Addr.html#method.is_unique_local - `Ipv6Addr::is_unicast_link_local` https://doc.rust-lang.org/stable/core/net/struct.Ipv6Addr.html#method.is_unicast_link_local - `core::ptr::with_exposed_provenance` https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance.html - `core::ptr::with_exposed_provenance_mut` https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance_mut.html - `::addr` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.addr - `::expose_provenance` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.expose_provenance - `::with_addr` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.with_addr - `::map_addr` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.map_addr - `::isqrt` https://doc.rust-lang.org/stable/core/primitive.i32.html#method.isqrt - 
`::checked_isqrt` https://doc.rust-lang.org/stable/core/primitive.i32.html#method.checked_isqrt - `::isqrt` https://doc.rust-lang.org/stable/core/primitive.u32.html#method.isqrt - `NonZero::isqrt` https://doc.rust-lang.org/stable/core/num/struct.NonZero.html#impl-NonZero%3Cu128%3E/method.isqrt - `core::ptr::without_provenance` https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance.html - `core::ptr::without_provenance_mut` https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance_mut.html - `core::ptr::dangling` https://doc.rust-lang.org/stable/core/ptr/fn.dangling.html - `core::ptr::dangling_mut` https://doc.rust-lang.org/stable/core/ptr/fn.dangling_mut.html - `Pin::as_deref_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.as_deref_mut - `AtomicBool::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicBool.html#method.from_ptr - `AtomicPtr::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicPtr.html#method.from_ptr - `AtomicU8::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU8.html#method.from_ptr - `AtomicU16::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU16.html#method.from_ptr - `AtomicU32::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU32.html#method.from_ptr - `AtomicU64::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU64.html#method.from_ptr - `AtomicUsize::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicUsize.html#method.from_ptr - `AtomicI8::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI8.html#method.from_ptr - `AtomicI16::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI16.html#method.from_ptr - `AtomicI32::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI32.html#method.from_ptr - `AtomicI64::from_ptr` 
https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI64.html#method.from_ptr - `AtomicIsize::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicIsize.html#method.from_ptr - `::is_null` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.is_null-1 - `::as_ref` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.as_ref-1 - `::as_mut` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.as_mut - `Pin::new` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.new - `Pin::new_unchecked` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.new_unchecked - `Pin::get_ref` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_ref - `Pin::into_ref` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.into_ref - `Pin::get_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_mut - `Pin::get_unchecked_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_unchecked_mut - `Pin::static_ref` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.static_ref - `Pin::static_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.static_mut Cargo ----- - Stabilize MSRV-aware resolver config - Stabilize resolver v3 Rustdoc ------- - rustdoc-search: improve type-driven search Compatibility Notes ------------------- - Enable by default the `LSX` target feature for LoongArch Linux targets - The unstable `-Zprofile` flag ("gcov-style" coverage instrumentation) has been removed. This does not affect the stable flags for coverage instrumentation (`-Cinstrument-coverage`) and profile-guided optimization (`-Cprofile-generate`, `-Cprofile-use`), which are unrelated and remain available. - Support for the target named `wasm32-wasi` has been removed as the target is now named `wasm32-wasip1`. This completes the transition plan for this target following the introduction of `wasm32-wasip1` in Rust 1.78. 
Compiler warnings on use of `wasm32-wasi` introduced in Rust 1.81 are now gone as well as the target is removed. - The syntax `&pin (mut|const) T` is now parsed as a type which in theory could affect macro expansion results in some edge cases - Legacy syntax for calling `std::arch` functions is no longer permitted to declare items or bodies (such as closures, inline consts, or async blocks). - Declaring functions with a calling convention not supported on the current target now triggers a hard error - The next-generation trait solver is now enabled for coherence, fixing multiple soundness issues The following package changes have been done: - rust1.84-1.84.0-150300.7.4.3 added - cargo1.84-1.84.0-150300.7.4.3 added - cargo1.83-1.83.0-150300.7.4.1 removed - rust1.83-1.83.0-150300.7.4.1 removed From sle-container-updates at lists.suse.com Fri Feb 14 08:32:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:32:18 +0100 (CET) Subject: SUSE-CU-2025:914-1: Recommended update of containers/apache-tomcat Message-ID: <20250214083218.E6753FC33@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:914-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.22 Container Release : 62.22 Severity : moderate Type : recommended References : 1231472 1236960 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:32:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:32:28 +0100 (CET) Subject: SUSE-CU-2025:915-1: Recommended update of containers/apache-tomcat Message-ID: <20250214083229.00363FC33@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:915-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.22 Container Release : 62.22 Severity : moderate Type : recommended References : 1231472 1236960 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:32:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:32:47 +0100 (CET) Subject: SUSE-CU-2025:916-1: Recommended update of containers/apache-tomcat Message-ID: <20250214083247.A6429FC33@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:916-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.22 Container Release : 62.22 Severity : moderate Type : recommended References : 1231472 1236960 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:33:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:33:11 +0100 (CET) Subject: SUSE-CU-2025:917-1: Recommended update of suse/sle15 Message-ID: <20250214083311.8B0D3FC33@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:917-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.9 , suse/sle15:15.6 , suse/sle15:15.6.47.20.9 Container Release : 47.20.9 Severity : moderate Type : recommended References : 1231472 1236960 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:33:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:33:14 +0100 (CET) Subject: SUSE-CU-2025:918-1: Recommended update of suse/stunnel Message-ID: <20250214083314.DD602FC33@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:918-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-37.9 , suse/stunnel:latest Container Release : 37.9 Severity : moderate Type : recommended References : 1236960 ----------------------------------------------------------------- The container suse/stunnel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). The following package changes have been done: - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:34:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:34:24 +0100 (CET) Subject: SUSE-CU-2025:919-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250214083424.EB70CFC33@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:919-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.24 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.60.24 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - container:sles15-ltss-image-15.4.0-2.22 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:35:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:35:09 +0100 (CET) Subject: SUSE-CU-2025:920-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250214083509.DFC55FC33@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:920-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.26 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.50.26 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - container:sles15-ltss-image-15.4.0-2.22 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:36:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:36:38 +0100 (CET) Subject: SUSE-CU-2025:922-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20250214083638.C002DFC33@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:922-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.14 , suse/manager/4.3/proxy-ssh:4.3.14.9.50.15 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.50.15 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - container:sles15-ltss-image-15.4.0-2.22 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:37:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:37:30 +0100 (CET) Subject: SUSE-CU-2025:923-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20250214083730.2936EFC33@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:923-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.14 , suse/manager/4.3/proxy-tftpd:4.3.14.9.50.15 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.50.15 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - container:sles15-ltss-image-15.4.0-2.22 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:47:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:47:54 +0100 (CET) Subject: SUSE-CU-2025:923-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20250214084754.F3700FC33@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:923-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.14 , suse/manager/4.3/proxy-tftpd:4.3.14.9.50.15 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.50.15 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - container:sles15-ltss-image-15.4.0-2.22 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:49:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:49:26 +0100 (CET) Subject: SUSE-CU-2025:924-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250214084926.B3C55FC33@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:924-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.77 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.77 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated From sle-container-updates at lists.suse.com Fri Feb 14 08:53:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 14 Feb 2025 09:53:32 +0100 (CET) Subject: SUSE-CU-2025:926-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250214085332.9F6FEFC33@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:926-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.79 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.79 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:03:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:03:51 +0100 (CET) Subject: SUSE-IU-2025:623-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250215080351.05B61FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:623-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.143 , suse/sle-micro/base-5.5:latest Image Release : 5.8.143 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:05:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:05:12 +0100 (CET) Subject: SUSE-IU-2025:626-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250215080512.43DC2FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:626-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.317 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.317 Severity : important Type : security References : 1194869 1216813 1223384 1225736 1226848 1226980 1228537 1228592 1230341 1230432 1230527 1230697 1231088 1231847 1232914 1233028 1233055 1233097 1233103 1233112 1233464 1233488 1233642 1233778 1234024 1234025 1234078 1234087 1234153 1234155 1234223 1234381 1234683 1234690 1234825 1234829 1234832 1234884 1234889 1234896 1234899 1234900 1234905 1234909 1234916 1234918 1234922 1234930 1234931 1234934 1234962 1234999 1235002 1235009 1235011 1235053 1235057 1235059 1235100 1235122 1235123 1235133 1235134 1235217 1235222 1235230 1235249 1235410 1235430 1235433 1235441 1235451 1235458 1235466 1235473 1235480 1235491 1235495 1235496 1235521 1235557 1235563 1235570 1235584 1235611 1235635 1235641 1235643 1235645 1235647 1235723 1235739 1235747 1235759 1235764 1235768 1235806 1235812 1235814 1235818 1235842 1235920 1235969 1236628 CVE-2024-26758 CVE-2024-26943 CVE-2024-36898 CVE-2024-38599 CVE-2024-41047 CVE-2024-45019 CVE-2024-46858 CVE-2024-50051 CVE-2024-50136 CVE-2024-50142 CVE-2024-50151 CVE-2024-50195 CVE-2024-50199 CVE-2024-50210 CVE-2024-50275 CVE-2024-50299 CVE-2024-53095 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53121 CVE-2024-53127 CVE-2024-53129 CVE-2024-53138 
CVE-2024-53141 CVE-2024-53144 CVE-2024-53148 CVE-2024-53151 CVE-2024-53166 CVE-2024-53169 CVE-2024-53171 CVE-2024-53174 CVE-2024-53177 CVE-2024-53208 CVE-2024-53209 CVE-2024-53215 CVE-2024-53217 CVE-2024-53224 CVE-2024-53227 CVE-2024-53229 CVE-2024-53690 CVE-2024-54680 CVE-2024-55916 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56567 CVE-2024-56588 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56623 CVE-2024-56629 CVE-2024-56631 CVE-2024-56642 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56650 CVE-2024-56658 CVE-2024-56661 CVE-2024-56664 CVE-2024-56678 CVE-2024-56681 CVE-2024-56698 CVE-2024-56701 CVE-2024-56704 CVE-2024-56722 CVE-2024-56739 CVE-2024-56745 CVE-2024-56747 CVE-2024-56754 CVE-2024-56756 CVE-2024-56759 CVE-2024-56765 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57798 CVE-2024-57849 CVE-2024-57850 CVE-2024-57876 CVE-2024-57893 CVE-2024-57897 CVE-2024-8805 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:556-1 Released: Fri Feb 14 16:26:33 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1216813,1223384,1225736,1226848,1226980,1228537,1228592,1230341,1230432,1230527,1230697,1231088,1231847,1232914,1233028,1233055,1233097,1233103,1233112,1233464,1233488,1233642,1233778,1234024,1234025,1234078,1234087,1234153,1234155,1234223,1234381,1234683,1234690,1234825,1234829,1234832,1234884,1234889,1234896,1234899,1234900,1234905,1234909,1234916,1234918,1234922,1234930,1234931,1234934,1234962,1234999,1235002,1235009,1235011,1235053,1235057,1235059,1235100,1235122,1235123,1235133,1235134,1235217,1235222,1235230,1235249,1235410,1235430,1235433,1235441,1235451,1235458,1235466,1235473,1235480,1235491,1235495,1235496,1235521,1235557,1235563,1235570,1235584,1235611,1235635,1235641,1235643,1235645,1235647,1235723,1235739,1235747,1235759,1235764,1235768,1235806,1235812,1235814,1235818,1235842,1235920,1235969,1236628,CVE-2024-26758,CVE-2024-26943,CVE-2024-36898,CVE-2024-38599,CVE-2024-41047,CVE-2024-45019,CVE-2024-46858,CVE-2024-50051,CVE-2024-50136,CVE-2024-50142,CVE-2024-50151,CVE-2024-50195,CVE-2024-50199,CVE-2024-50210,CVE-2024-50275,CVE-2024-50299,CVE-2024-53095,CVE-2024-53103,CVE-2024-53104,CVE-2024-53112,CVE-2024-53121,CVE-2024-53127,CVE-2024-53129,CVE-2024-53138,CVE-2024-53141,CVE-2024-53144,CVE-2024-53148,CVE-2024-53151,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53174,CVE-2024-53177,CVE-2024-53208,CVE-2024-53209,CVE-2024-53215,CVE-2024-53217,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53690,CVE-2024-54680,CVE-2024-55916,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56567,CVE-2024-56588,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56623,CVE-2024-56629,CVE-2024-56631,CVE-2024-56642,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56650,CVE-2024-56658,CVE-2024-56661,CVE-2024-56664,CVE-2024-56678,CVE-2024-56681,CVE-2024-56698,CVE-2024-56701,CVE-2024-56704,CVE-2024-56722,CVE-2024-56739,CVE-2024-56745,CVE-2024-56747,CVE-2024-56754,CVE-2024-56756,CVE-2024-56759,CVE-2024-56765,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57798,CVE-2024-57849,CVE-2024-57850,CVE-2024-57876,CVE-2024-57893,CVE-2024-57897,CVE-2024-8805
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). - CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). 
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736). The following non-security bugs were fixed: - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). 
The following package changes have been done: - kernel-rt-5.14.21-150500.13.85.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:09:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:09:07 +0100 (CET) Subject: SUSE-CU-2025:932-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250215080907.3B8A6FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:932-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.85 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.85 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:09:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:09:08 +0100 (CET) Subject: SUSE-CU-2025:933-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250215080908.3D35DFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:933-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.86 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.86 Severity : moderate Type : security References : 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:11:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:11:07 +0100 (CET) Subject: SUSE-CU-2025:934-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250215081107.CA837FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:934-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.86 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.86 Severity : important Type : security References : 1236705 1236878 CVE-2024-12133 CVE-2025-0938 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - python3-base-3.6.15-150300.10.81.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:12:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:12:26 +0100 (CET) Subject: SUSE-CU-2025:935-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250215081226.89C0CFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:935-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.5.135 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.135 Severity : moderate Type : security References : 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:13:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:13:47 +0100 (CET) Subject: SUSE-CU-2025:937-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250215081347.A72DEFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:937-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.42 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.42 , suse/ltss/sle15.3/sle15:latest Container Release : 2.42 Severity : important Type : security References : 1231472 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:14:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:14:10 +0100 (CET) Subject: SUSE-CU-2025:938-1: Security update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20250215081410.5C910FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:938-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.5.25 , suse/ltss/sle15.4/bci-base-fips:latest Container Release : 5.25 Severity : moderate Type : security References : 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - python3-base-3.6.15-150300.10.81.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:14:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:14:59 +0100 (CET) Subject: SUSE-CU-2025:939-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250215081459.04639FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:939-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.23 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.23 , suse/ltss/sle15.4/sle15:latest Container Release : 2.23 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:18:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:18:08 +0100 (CET) Subject: SUSE-CU-2025:940-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250215081808.DE840FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:940-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.13 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.13 , suse/ltss/sle15.5/sle15:latest Container Release : 4.13 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:20:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:20:27 +0100 (CET) Subject: SUSE-CU-2025:941-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250215082027.C1C84FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:941-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.25 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.60.25 Severity : moderate Type : security References : 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - python3-base-3.6.15-150300.10.81.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - container:sles15-ltss-image-15.4.0-2.23 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:22:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:22:17 +0100 (CET) Subject: SUSE-CU-2025:943-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250215082217.5ACA5FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:943-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.14 , suse/manager/4.3/proxy-ssh:4.3.14.9.50.16 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.50.16 Severity : moderate Type : security References : 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - container:sles15-ltss-image-15.4.0-2.23 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:23:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:23:11 +0100 (CET) Subject: SUSE-CU-2025:944-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250215082311.21C8CFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:944-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.14 , suse/manager/4.3/proxy-tftpd:4.3.14.9.50.17 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.50.17 Severity : important Type : security References : 1236705 1236878 CVE-2024-12133 CVE-2025-0938 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - container:sles15-ltss-image-15.4.0-2.23 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:24:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:24:33 +0100 (CET) Subject: SUSE-CU-2025:945-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250215082433.7A793FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:945-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.78 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.78 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:24:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:24:34 +0100 (CET) Subject: SUSE-CU-2025:946-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250215082434.790F2FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:946-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.79 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.79 Severity : moderate Type : security References : 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:28:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:28:41 +0100 (CET) Subject: SUSE-CU-2025:948-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250215082841.BD619FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:948-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.80 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.80 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Sat Feb 15 08:28:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 15 Feb 2025 09:28:42 +0100 (CET) Subject: SUSE-CU-2025:949-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250215082842.790C1FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:949-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.81 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.81 Severity : moderate Type : security References : 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 08:07:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:07:35 +0100 (CET) Subject: SUSE-CU-2025:950-1: Security update of suse/389-ds Message-ID: <20250217080735.E7F45FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:950-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-52.8 , suse/389-ds:latest Container Release : 52.8 Severity : moderate Type : security References : 1229228 1233752 1234313 1234765 1236705 1236960 CVE-2025-0938 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - permissions-20240826-150600.10.18.2 updated - libsystemd0-254.23-150600.4.25.1 updated - python3-base-3.6.15-150300.10.81.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 08:08:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:08:11 +0100 (CET) Subject: SUSE-CU-2025:951-1: Security update of suse/mariadb Message-ID: <20250217080811.932FAFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:951-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.6 , suse/mariadb:latest Container Release : 62.6 Severity : moderate Type : security References : 1229228 1231472 1233752 1234313 1234765 1236705 1236960 CVE-2025-0938 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Mon Feb 17 08:09:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:09:20 +0100 (CET) Subject: SUSE-CU-2025:952-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20250217080920.9CE51FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:952-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.3 , suse/manager/5.0/x86_64/proxy-httpd:5.0.3.7.11.4 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 7.11.4 Severity : important Type : security References : 1027642 1081596 1159034 1188441 1194818 1194818 1203617 1210959 1212161 1212985 1213437 1214915 1215815 1216683 1216946 1217338 1218609 1219031 1219736 1220262 1220338 1220494 1220523 1220690 1220693 1220696 1220724 1220902 1221219 1221365 1221601 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1222285 1222447 1222574 1222820 1222899 1223094 1223336 1224318 1224771 1225267 1225451 1226014 1226030 1226463 1226493 1226958 1227100 1227138 1227205 1227261 1227374 1227625 1227644 1227759 1227793 1227807 1227827 1227852 1227882 1227888 1228042 1228138 1228182 1228206 1228208 1228232 1228261 1228319 1228322 1228351 1228420 1228535 1228548 1228647 1228770 1228787 1228856 1228956 1228968 1229000 1229028 1229077 1229079 1229228 1229286 1229329 1229465 1229476 1229848 1229902 1230093 1230111 1230135 1230145 1230267 1230502 1230516 1230585 1230638 1230670 1230698 1230741 1230833 1230912 1230943 1230951 1230972 1231043 1231048 
1231051 1231053 1231255 1231377 1231378 1231398 1231404 1231430 1231459 1231463 1231463 1231762 1231795 1231833 1232042 1232125 1232227 1232528 1232530 1232579 1232713 1232844 1233258 1233282 1233307 1233383 1233400 1233426 1233431 1233433 1233450 1233497 1233595 1233696 1233699 1233724 1233752 1233761 1233793 1233871 1233884 1234015 1234068 1234251 1234313 1234441 1234665 1234749 1234765 1234994 1235145 1235151 1235692 1235908 1236460 1236705 222971 916845 CVE-2013-4235 CVE-2013-4235 CVE-2022-49043 CVE-2023-50782 CVE-2024-11053 CVE-2024-11168 CVE-2024-21528 CVE-2024-41996 CVE-2024-45801 CVE-2024-50602 CVE-2024-52533 CVE-2024-5535 CVE-2024-6119 CVE-2024-6197 CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 CVE-2025-0938 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. 
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically link installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. 
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3346-1 Released: Thu Sep 19 17:20:06 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 (bsc#1230111) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 deprecated API warnings. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file even if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. 
For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3681-1 Released: Wed Oct 16 19:34:35 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatibility affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. 
[bsc#1230912] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3865-1 Released: Fri Nov 1 16:10:37 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1231833 This update for gcc14 fixes the following issues: - Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3896-1 Released: Mon Nov 4 12:08:29 2024 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1230972 This update for shadow fixes the following issues: - Add useradd warnings when requested UID is outside the default range (bsc#1230972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3925-1 Released: Wed Nov 6 11:14:28 2024 Summary: Security update for curl Type: security Severity: moderate References: 1232528,CVE-2024-9681 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3943-1 Released: Thu Nov 7 11:12:00 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security 
Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4044-1 Released: Mon Nov 25 08:28:17 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update to v0.389: * Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk. If the whole disk is crypted, the prompt for the password is sent to plymouth, which is obviously showing nothing because for booting bare metal (LPAR) a terminal in HMC is used. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4056-1 Released: Tue Nov 26 06:38:34 2024 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1227261 This update for apache2 fixes the following issues: - Fixed the installation location (bsc#1227261) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4156-1 Released: Tue Dec 3 14:13:15 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - README.md updates - explicitly require openssl-3 cli - reorder tags (list the more specific ones first) - set oci.ref.name and oci.authors correctly ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4200-1 Released: Thu Dec 5 14:48:33 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1225451 This update for libsolv, libzypp, zypper fixes the following issues: - Fix replaces_installed_package using the wrong solvable id when checking the noupdate map - Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard - Add rpm_query_idarray query function - Support rpm's 'orderwithrequires' dependency - BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451) - RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451) 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4244-1 Released: Fri Dec 6 14:04:39 2024 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1231463 This update for shared-mime-info fixes the following issue: - Uninstall silently if update-mime-database is not present (bsc#1231463). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2024-4323 Released: Mon Dec 16 12:13:41 2024 Summary: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy Type: recommended Severity: moderate References: 1230951 This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: release-notes-susemanager: - Update to SUSE Manager 5.0.2.1 * The installation images for SUSE Manager have been updated * Bugs mentioned: bsc#1230951 release-notes-susemanager-proxy: - Update to SUSE Manager 5.0.2.1 * The installation images for SUSE Manager have been updated * Bugs mentioned: bsc#1230951 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4337-1 Released: Tue Dec 17 08:17:39 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1231048,1232844 This update for systemd fixes the following issues: - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4363-1 Released: Tue Dec 17 16:12:41 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update v0.390 * Update pci and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 
Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4402-1 Released: Fri Dec 20 16:41:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained -
udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:38-1 Released: Thu Jan 9 10:24:48 2025 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - switch to public-dl.suse.com ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:222-1 Released: Wed Jan 22 12:30:04 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. - version 1.14.79 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:330-1 Released: Mon Feb 3 11:50:09 2025 Summary: Recommended update for apache2 Type: recommended Severity: moderate References: 1233433 This update for apache2 fixes the following issue: - update-alternatives script not called during httpd update, never triggered from 'zypper dup' (bsc#1233433). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) ----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2025-523 Released: Fri Feb 14 08:15:57 2025 Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1027642,1212161,1212985,1213437,1215815,1216683,1216946,1217338,1220494,1220902,1221219,1222447,1222574,1222820,1224318,1226958,1227374,1227644,1227759,1227827,1227852,1227882,1228182,1228232,1228261,1228319,1228351,1228856,1228956,1229000,1229077,1229079,1229286,1229848,1229902,1230502,1230585,1230670,1230741,1230833,1230943,1231053,1231255,1231377,1231378,1231398,1231404,1231430,1231459,1231762,1232042,1232125,1232530,1232713,1233258,1233383,1233400,1233426,1233431,1233450,1233497,1233595,1233696,1233724,1233761,1233793,1233871,1233884,1234251,1234441,1234994,1235145,1235692,1235908,CVE-2024-21528,CVE-2024-45801 Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025
Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libxml2-2-2.10.3-150500.5.20.1 updated - libgcc_s1-14.2.0+git10526-150000.1.6.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libstdc++6-14.2.0+git10526-150000.1.6.1 updated - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - libmount1-2.39.3-150600.4.12.2 updated - libudev1-254.21-150600.4.21.1 updated - libopenssl3-3.1.4-150600.5.21.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated - patterns-base-fips-20200124-150600.32.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - libcurl4-8.6.0-150600.4.18.1 updated - login_defs-4.8.1-150600.17.9.1 updated - sles-release-15.6-150600.64.3.1 updated - permissions-20240826-150600.10.12.1 updated - pam-1.3.0-150000.6.71.2 updated - libgpgme11-1.23.0-150600.3.2.1 updated - libsolv-tools-base-0.7.31-150600.8.7.2 updated - shadow-4.8.1-150600.17.9.1 updated - libzypp-17.35.16-150600.3.41.1 updated - zypper-1.14.79-150600.10.19.1 updated - util-linux-2.39.3-150600.4.12.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - curl-8.6.0-150600.4.18.1 updated - libexpat1-2.4.4-150400.3.25.1 updated - libgmodule-2_0-0-2.78.6-150600.4.8.1 updated - libgobject-2_0-0-2.78.6-150600.4.8.1 updated - 
release-notes-susemanager-proxy-5.0.3-150600.11.20.1 updated - shared-mime-info-2.4-150600.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - python3-base-3.6.15-150300.10.81.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - hwdata-0.390-150000.3.74.2 updated - apache2-prefork-2.4.58-150600.5.32.2 updated - python3-3.6.15-150300.10.81.1 updated - systemd-254.23-150600.4.25.1 updated - libgio-2_0-0-2.78.6-150600.4.8.1 updated - glib2-tools-2.78.6-150600.4.8.1 updated - python3-libxml2-2.10.3-150500.5.20.1 updated - apache2-2.4.58-150600.5.32.2 updated - spacewalk-backend-5.0.11-150600.4.9.5 updated - python3-spacewalk-client-tools-5.0.8-150600.4.6.3 updated - spacewalk-client-tools-5.0.8-150600.4.6.3 updated - spacewalk-proxy-package-manager-5.0.5-150600.3.6.3 updated - spacewalk-proxy-common-5.0.5-150600.3.6.3 updated - spacewalk-proxy-broker-5.0.5-150600.3.6.3 updated - spacewalk-proxy-redirect-5.0.5-150600.3.6.3 updated - container:sles15-image-15.6.0-47.18.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 08:09:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:09:26 +0100 (CET) Subject: SUSE-CU-2025:953-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20250217080926.B1C5FFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:953-1 Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.3 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.3.7.11.5 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 7.11.5 Severity : important Type : security References : 1081596 1159034 1188441 1194818 1194818 1203617 1210959 1214915 1218609 1219031 1219736 1220262 1220338 1220356 1220523 1220690 1220693 1220696 1220724 1221365 1221601 1221751 1221752 1221753 1221760 1221786 
1221787 1221821 1221822 1221824 1221827 1222285 1222899 1223094 1223336 1224771 1225267 1225451 1226014 1226030 1226414 1226463 1226493 1227100 1227138 1227205 1227525 1227625 1227793 1227807 1227888 1228042 1228091 1228138 1228206 1228208 1228223 1228322 1228420 1228535 1228548 1228647 1228770 1228787 1228809 1228968 1229028 1229329 1229465 1229476 1229518 1230093 1230111 1230135 1230145 1230267 1230516 1230638 1230698 1230912 1230972 1231043 1231048 1231051 1231463 1231795 1231833 1232227 1232528 1232579 1232844 1233282 1233307 1233699 1234015 1234068 1234665 1234749 1235151 1236460 1236705 222971 916845 CVE-2013-4235 CVE-2013-4235 CVE-2022-49043 CVE-2023-50782 CVE-2024-11053 CVE-2024-11168 CVE-2024-41996 CVE-2024-50602 CVE-2024-52533 CVE-2024-5535 CVE-2024-6119 CVE-2024-6197 CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 CVE-2025-0938 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set 
sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: 
moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom 
Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix 
SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3346-1 Released: Thu Sep 19 17:20:06 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 deprecated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file even if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc14 compilers use:

- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html

- Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3681-1
Released: Wed Oct 16 19:34:35 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1230912,1231043

This update for libzypp fixes the following issues:

- Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatibility affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043]
- Fix hang in curl code with no network connection.
[bsc#1230912]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051

This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833

This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972

This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681

This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782

This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602

This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:

This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because the terminal in HMC is used for booting bare metal (LPAR).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4156-1
Released: Tue Dec 3 14:13:15 2024
Summary: Recommended update for sles15-image
Type: recommended
Severity: moderate
References:

This update for sles15-image fixes the following issues:

- README.md updates
- explicitly require openssl-3 cli
- reorder tags (list the more specific ones first)
- set oci.ref.name and oci.authors correctly

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168

This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:

- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released: Thu Dec 5 14:48:33 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451

This update for libsolv,
libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844

This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617

This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4402-1
Released: Fri Dec 20 16:41:09 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749

This update for libzypp fixes the following issues:

- Url: queryparams without value should not have a trailing '='

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown
binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:38-1
Released: Thu Jan 9 10:24:48 2025
Summary: Recommended update for sles15-image
Type: recommended
Severity: moderate
References:

This update for sles15-image fixes the following issues:

- switch to public-dl.suse.com

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure
mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:222-1
Released: Wed Jan 22 12:30:04 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:554-1
Released: Fri Feb 14 16:10:40 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1236705,CVE-2025-0938

This update for python3 fixes the following issues:

- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)

The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libsasl2-3-2.1.28-150600.7.3.1 updated
- libcom_err2-1.47.0-150600.4.6.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libxml2-2-2.10.3-150500.5.20.1 updated
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libassuan0-2.5.5-150000.4.7.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libudev1-254.21-150600.4.21.1 updated
- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bash-sh-4.4-150400.27.3.2 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- sles-release-15.6-150600.64.3.1 updated
- permissions-20240826-150600.10.12.1 updated
- pam-1.3.0-150000.6.71.2 updated
- libgpgme11-1.23.0-150600.3.2.1 updated
- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- shadow-4.8.1-150600.17.9.1 updated
- libzypp-17.35.16-150600.3.41.1 updated
- zypper-1.14.79-150600.10.19.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- curl-8.6.0-150600.4.18.1 updated
-
openssl-3-3.1.4-150600.5.21.1 updated
- ca-certificates-mozilla-2.68-150200.33.1 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- libpython3_6m1_0-3.6.15-150300.10.81.1 updated
- python3-base-3.6.15-150300.10.81.1 updated
- python3-3.6.15-150300.10.81.1 updated
- container:sles15-image-15.6.0-47.18.1 updated
- liblz4-1-1.9.4-150600.1.4 removed
- libprocps8-3.3.17-150000.7.39.1 removed
- libsystemd0-254.13-150600.4.5.1 removed
- procps-3.3.17-150000.7.39.1 removed

From sle-container-updates at lists.suse.com Mon Feb 17 08:09:35 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 17 Feb 2025 09:09:35 +0100 (CET)
Subject: SUSE-CU-2025:955-1: Security update of suse/manager/5.0/x86_64/proxy-ssh
Message-ID: <20250217080935.8242AFCE5@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:955-1
Container Tags : suse/manager/5.0/x86_64/proxy-ssh:5.0.3 , suse/manager/5.0/x86_64/proxy-ssh:5.0.3.7.11.3 , suse/manager/5.0/x86_64/proxy-ssh:latest
Container Release : 7.11.3
Severity : important
Type : security
References : 1188441 1194818 1210959 1214915 1219031 1219736 1220262 1220338 1220523 1220690 1220693 1220696 1220724 1221365 1221601 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1222899 1223336 1226414 1226463 1227138 1227807 1228042 1228091 1228223 1228548 1228770 1228809 1228968 1229010 1229028 1229072 1229228 1229329 1229449 1229465 1229518 1230145 1230638 1230698 1230972 1231048 1231051 1231795 1231833 1232227 1232579 1232844 1233307 1233699 1233752 1234015 1234313 1234665 1234765 1236705 916845 CVE-2013-4235 CVE-2013-4235 CVE-2023-50782 CVE-2024-11168 CVE-2024-41996 CVE-2024-50602 CVE-2024-5535 CVE-2024-6119 CVE-2025-0938
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-ssh was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2630-1
Released: Tue Jul 30 09:12:44 2024
Summary: Security update for shadow
Type: security
Severity: important
References: 916845,CVE-2013-4235

This update for shadow fixes the following issues:

- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2635-1
Released: Tue Jul 30 09:14:09 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1222899,1223336,1226463,1227138,CVE-2024-5535

This update for openssl-3 fixes the following issues:

Security fixes:

- CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)

Other fixes:

- Build with no-afalgeng (bsc#1226463)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducibility issue (bsc#1223336)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2641-1
Released: Tue Jul 30 09:29:36 2024
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:

This update for systemd fixes the following issues:

systemd was updated from version 254.13 to version 254.15:

- Changes in version 254.15:
  * boot: cover for hardware keys on phones/tablets
  * Conditional PSI check to reflect changes done in 5.13
  * core/dbus-manager: refuse SoftReboot() for user managers
  * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
  * core/exec-invoke: use sched_setattr instead of sched_setscheduler
  * core/unit: follow merged units before updating SourcePath= timestamp too
  * coredump: correctly take tmpfs size into account for compression
  * cryptsetup: improve TPM2 blob display
  * docs: Add section to HACKING.md on distribution packages
  * docs: fixed dead link to GNOME documentation
  * docs/CODING_STYLE: document that we nowadays prefer
(const char*) for func ret type
  * Fixed typo in CAP_BPF description
  * LICENSES/README: expand text to summarize state for binaries and libs
  * man: fully adopt ~/.local/state/
  * man/systemd.exec: list inaccessible files for ProtectKernelTunables
  * man/tmpfiles: remove outdated behavior regarding symlink ownership
  * meson: bpf: propagate 'sysroot' for cross compilation
  * meson: Define __TARGET_ARCH macros required by bpf
  * mkfs-util: Set sector size for btrfs as well
  * mkosi: drop CentOS 8 from CI
  * mkosi: Enable hyperscale-packages-experimental for CentOS
  * mountpoint-util: do not assume symlinks are not mountpoints
  * os-util: avoid matching on the wrong extension-release file
  * README: add missing CONFIG_MEMCG kernel config option for oomd
  * README: update requirements for signed dm-verity
  * resolved: allow the full TTL to be used by OPT records
  * resolved: correct parsing of OPT extended RCODEs
  * sysusers: handle NSS errors gracefully
  * TEST-58-REPART: reverse order of diff args
  * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
  * test: fixed TEST-24-CRYPTSETUP on SUSE
  * test: install /etc/hosts
  * Use consistent spelling of systemd.condition_first_boot argument
  * util: make file_read() 64bit offset safe
  * vmm: make sure we can handle smbios objects without variable part
- Changes in version 254.14:
  * analyze: show pcrs also in sha384 bank
  * chase: Tighten '.'
and './' check
  * core/service: fixed accept-socket deserialization
  * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
  * executor: check for all permission related errnos when setting up IPC namespace
  * install: allow removing symlinks even for units that are gone
  * json: use secure un{base64,hex}mem for sensitive variants
  * man,units: drop 'temporary' from description of systemd-tmpfiles
  * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
  * repart: fixed memory leak
  * repart: Use CRYPT_ACTIVATE_PRIVATE
  * resolved: permit dnssec rrtype questions when we aren't validating
  * rules: Limit the number of device units generated for serial ttys
  * run: do not pass the pty slave fd to transient service in a machine
  * sd-dhcp-server: clear buffer before receive
  * strbuf: use GREEDY_REALLOC to grow the buffer

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released: Tue Aug 6 14:35:49 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228548

This update for permissions fixes the following issue:

* cockpit: moved setuid executable (bsc#1228548)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released: Wed Aug 7 09:49:32 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235

This update for shadow fixes the following issues:

- Fixed not copying of skel files (bsc#1228770)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released: Tue Sep 3 17:00:40 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119

This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released: Tue Sep 3 17:43:10 2024
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1228968,1229329

This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released: Mon Sep 9 12:25:30 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1228042

This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028

This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3501-1
Released: Tue Oct 1 16:03:34 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1230698,CVE-2024-41996

This update for openssl-3 fixes the following issues:

- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3504-1
Released: Tue Oct 1 16:22:27 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1230638

This update for glibc fixes the following issue:

- Use nss-systemd by default
also in SLE (bsc#1230638).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3512-1
Released: Wed Oct 2 18:14:56 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1226414,1228091,1228223,1228809,1229518

This update for systemd fixes the following issues:

- Determine the effective user limits in a systemd setup (jsc#PED-5659)
- Don't try to restart the udev socket units anymore. (bsc#1228809).
- Add systemd.rules rework (bsc#1229518).
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
- upstream commit (bsc#1226414).
- Make the 32bit version of libudev.so available again (bsc#1228223).
- policykit-1 renamed to polkitd

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3528-1
Released: Fri Oct 4 15:31:43 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1230145

This update for e2fsprogs fixes the following issue:

- resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released: Fri Oct 11 10:39:52 2024
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1227807

This update for bash fixes the following issues:

- Load completion file even if a brace expansion is included in the command line (bsc#1227807).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released: Wed Oct 16 15:12:47 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1188441,1210959,1214915,1219031,1220724,1221601

This update for gcc14 fixes the following issues:

This update ships the GNU Compiler Collection GCC 14.2.
(jsc#PED-10474)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.

To use gcc14 compilers use:

- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html

- Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051

This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833

This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972

This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782

This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602

This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:

This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk.
If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because the terminal in HMC is used for booting bare metal (LPAR).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4067-1
Released: Tue Nov 26 11:33:47 2024
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1229010,1229072,1229449

This update for openssh fixes the following issues:

- Fixed a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449)
- Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010).
- Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call.
- Fixed a small memory leak when parsing the subsystem configuration option.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4156-1
Released: Tue Dec 3 14:13:15 2024
Summary: Recommended update for sles15-image
Type: recommended
Severity: moderate
References:

This update for sles15-image fixes the following issues:

- README.md updates
- explicitly require openssl-3 cli
- reorder tags (list the more specific ones first)
- set oci.ref.name and oci.authors correctly

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168

This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:

- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for
glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4337-1 Released: Tue Dec 17 08:17:39 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1231048,1232844 This update for systemd fixes the following issues: - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make 
names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:38-1 Released: Thu Jan 9 10:24:48 2025 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - switch to public-dl.suse.com ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libgcc_s1-14.2.0+git10526-150000.1.6.1 updated - libstdc++6-14.2.0+git10526-150000.1.6.1 updated - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - libudev1-254.21-150600.4.21.1 updated - libopenssl3-3.1.4-150600.5.21.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated - patterns-base-fips-20200124-150600.32.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - login_defs-4.8.1-150600.17.9.1 updated - permissions-20240826-150600.10.12.1 updated - pam-1.3.0-150000.6.71.2 updated - shadow-4.8.1-150600.17.9.1 updated - libexpat1-2.4.4-150400.3.25.1 updated - openssh-common-9.6p1-150600.6.12.1 updated - libsystemd0-254.23-150600.4.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - openssh-fips-9.6p1-150600.6.12.1 updated - openssh-clients-9.6p1-150600.6.12.1 updated - openssh-server-9.6p1-150600.6.12.1 updated - openssh-9.6p1-150600.6.12.1 updated - container:sles15-image-15.6.0-47.18.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 08:09:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:09:45 +0100 (CET) Subject: SUSE-CU-2025:957-1: Security update of suse/manager/5.0/x86_64/server-attestation Message-ID: <20250217080945.106B4FD2B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:957-1 Container Tags : suse/manager/5.0/x86_64/server-attestation:5.0.3 , suse/manager/5.0/x86_64/server-attestation:5.0.3.6.11.3 , suse/manager/5.0/x86_64/server-attestation:latest Container Release : 6.11.3 
Severity : important Type : security References : 1027642 1212161 1212985 1213437 1215815 1216683 1216946 1217338 1220494 1220902 1221219 1222447 1222574 1222820 1224318 1226958 1227374 1227644 1227759 1227827 1227852 1227882 1228182 1228232 1228261 1228319 1228351 1228856 1228956 1229000 1229077 1229079 1229286 1229848 1229902 1230502 1230585 1230670 1230741 1230833 1230943 1231053 1231255 1231347 1231377 1231378 1231398 1231404 1231428 1231430 1231459 1231463 1231472 1231762 1232042 1232125 1232530 1232713 1233258 1233282 1233383 1233400 1233426 1233431 1233450 1233497 1233595 1233696 1233699 1233724 1233761 1233793 1233871 1233884 1234251 1234441 1234665 1234994 1235145 1235692 1235908 1236136 1236278 1236619 1236878 CVE-2024-12133 CVE-2024-13176 CVE-2024-21528 CVE-2024-28168 CVE-2024-45801 CVE-2024-52533 CVE-2025-21502 CVE-2025-24528 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when running a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because the terminal in the HMC is used for booting bare metal (LPAR). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4054-1 Released: Tue Nov 26 06:05:40 2024 Summary: Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop Type: security Severity: moderate References: 1231347,1231428,CVE-2024-28168 This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues: xmlgraphics-fop was updated from version 2.8 to 2.10: - Security issues fixed: * CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428) - Upstream changes and bugs fixed: * Version 2.10: + footnote-body ignores rl-tb writing mode + SVG tspan content is displayed out of place + Added new schema to handle pdf/a and pdfa/ua + Correct fop version at runtime + NoSuchElementException when using font with no family name + Resolve classpath for binary distribution + Switch to spotbugs + Set an automatic module name + Rename packages to avoid conflicts with modules + Resize table only for multicolumn page + Missing jars in servlet + Optimise performance of PNG with alpha using raw loader + basic-link not navigating to corresponding footnote + Added option to sign PDF + Added secure processing for XSL input + Allow sections which need security permissions to be run when AllPermission denied in caller code + Remove unused PDFStructElem + Remove space generated by fo:wrapper + Reset content length for table changing ipd + Added alt text to PDF signature + Allow change of resource level for SVG in AFP + Exclude shape not in clipping path for AFP + Only support 1 column for redo of layout without page pos only + Switch to Jakarta servlet API + NPE when list item is split alongside an ipd change + Added mandatory MODCA triplet to AFP + Redo layout for multipage columns + Added image mask option for AFP + Skip written block ipds inside float + Allow curly braces for src url + Missing content for last page with 
change ipd + Added warning when different pdf languages are used + Only restart line manager when there is a linebreak for blocklayout * Version 2.9: + Values in PDF Number Trees must be indirect references + Do not delete files on syntax errors using command line + Surrogate pair edge-case causes Exception + Reset character spacing + SVG text containing certain glyphs isn't rendered + Remove duplicate classes from maven classpath + Allow use of page position only on redo of layout + Failure to render multi-block itemBody alongside float + Update to PDFBox 2.0.27 + NPE if link destination is missing with accessibility + Make property cache thread safe + Font size was rounded to 0 for AFP TTF + Cannot process a SVG using mvn jars + Remove serializer jar + Allow creating a PDF 2.0 document + Text missing after page break inside table inline + IllegalArgumentException for list in a table + Table width may be too wide when layout width changes + NPE when using broken link and PDF 1.5 + Allow XMP at PDF page level + Symbol font was not being mapped to unicode + Correct font differences table for Chrome + Link against Java 8 API + Added support for font-selection-strategy=character-by-character + Merge form fields in external PDFs + Fixed test for Java 11 xmlgraphics-batik was updated from version 1.17 to 1.18: - PNG transcoder references nonexistent class - Set offset to 0 if missing in stop tag - Validate throws NPE - Fixed missing Arabic characters - Animated rotate transform ignores y-origin at exactly 270 degrees - Set an automatic module name - Ignore inkscape properties - Switch to spotbugs - Allow source and target resolution configuration xmlgraphics-commons was updated from version 2.8 to 2.10: - Fixed test for Java 11 - Allow XMP at PDF page level - Allow source resolution configuration - Added new schema to handle pdf/a and pdfa/ua - Set an automatic module name - Switch to spotbugs - Do not use a singleton for ImageImplRegistry javapackages-tools was updated 
from version 6.3.0 to 6.3.4: - Version 6.3.4: * A corner case when which is not present * Remove dependency on which * Simplify after the which -> type -p change * jpackage_script: Remove pointless assignment when %java_home is unset * Don't export JAVA_HOME (bsc#1231347) - Version 6.3.2: * Search for JAVACMD under JAVA_HOME only if it's set * Obsolete set_jvm and set_jvm_dirs functions * Drop unneeded _set_java_home function * Remove JAVA_HOME check from check_java_env function * Bump codecov/codecov-action from 2.0.2 to 4.6.0 * Bump actions/setup-python from 4 to 5 * Bump actions/checkout from 2 to 4 * Added custom dependabot config * Remove the test for JAVA_HOME and error if it is not set * java-functions: Remove unneeded local variables * Fixed build status shield - Version 6.3.1: * Allow missing components with abs2rel * Fixed tests with python 3.4 * Sync spec file from Fedora * Drop default JRE/JDK * Fixed the use of java-functions in scripts * Test that we don't bomb on * Test variable expansion in artifactId * Interpolate properties also in the current artifact * Rewrite abs2rel in shell * Use asciidoctor instead of asciidoc * Fixed incompatibility with RPM 4.20 * Reproducible exclusions order in maven metadata * Do not bomb on construct * Make maven_depmap order of aliases reproducible ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4055-1 Released: Tue Nov 26 06:25:26 2024 Summary: Recommended update for Jackson Type: recommended Severity: moderate References: This update for Jackson fixes the following issues: jackson-annotations was updated from version 2.16.1 to 2.17.3: - Allow `@JsonAnySetter` on `ElementType.PARAMETER` (for use on constructor parameters) - Build the module-info.java source too (with release=9) jackson-bom was updated from version 2.16.1 to 2.17.3: - Added `jackson-jr-extension-javatime` - Added managed dependency to JUnit5 - Removed unused JUnit5 dependency jackson-core, jackson-databind, 
jackson-dataformats-binary were updated from version 2.16.1 to 2.17.3: - Various minor bugs have been fixed jackson-modules-base was updated from version 2.16.1 to 2.17.3: - Version update with no changes jackson-parent was updated from version 2.16 to 2.17: - Update to oss-parent 58 (plugin version updates) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4156-1 Released: Tue Dec 3 14:13:15 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - README.md updates - explicitly require openssl-3 cli - reorder tags (list the more specific ones first) - set oci.ref.name and oci.authors correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4254-1 Released: Fri Dec 6 18:03:05 2024 Summary: Security update for glib2 Type: security Severity: important References: 1231463,1233282,CVE-2024-52533 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:38-1 Released: Thu Jan 9 10:24:48 2025 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - switch to public-dl.suse.com ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:338-1 Released: Mon Feb 3 16:12:41 2025 Summary: Security update for java-11-openjdk Type: security Severity: moderate References: 1236278,CVE-2025-21502 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU) Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: - JDK-8224624: Inefficiencies in CodeStrings::add_comment cause timeouts - JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java fails on linux-x64 - JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only - JDK-8247706: Unintentional use of new Date(year...) 
with absolute year - JDK-8299254: Support dealing with standard assert macro - JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test - JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test - JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak - JDK-8328300: Convert PrintDialogsTest.java from Applet to main program - JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main - JDK-8334332: TestIOException.java fails if run by root - JDK-8335428: Enhanced Building of Processes - JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8336564: Enhance mask blit functionality redux - JDK-8338402: GHA: some of bundles may not get removed - JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26 - JDK-8339180: Enhanced Building of Processes: Follow-on Issue - JDK-8339470: [17u] More defensive fix for 8163921 - JDK-8339637: (tz) Update Timezone Data to 2024b - JDK-8339644: Improve parsing of Day/Month in tzdata rules - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names - JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1 - JDK-8340815: Add SECURITY.md file - JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails - JDK-8342629: [11u] Properly message out that shenandoah is disabled - JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: 
Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write, caused by overflow when calculating ulog block size, that can lead to a process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow the use of KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active Directory. Whether these encryption types are allowed in FIPS mode is now enforced by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2025-523 Released: Fri Feb 14 08:15:57 2025 Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1027642,1212161,1212985,1213437,1215815,1216683,1216946,1217338,1220494,1220902,1221219,1222447,1222574,1222820,1224318,1226958,1227374,1227644,1227759,1227827,1227852,1227882,1228182,1228232,1228261,1228319,1228351,1228856,1228956,1229000,1229077,1229079,1229286,1229848,1229902,1230502,1230585,1230670,1230741,1230833,1230943,1231053,1231255,1231377,1231378,1231398,1231404,1231430,1231459,1231762,1232042,1232125,1232530,1232713,1233258,1233383,1233400,1233426,1233431,1233450,1233497,1233595,1233696,1233724,1233761,1233793,1233871,1233884,1234251,1234441,1234994,1235145,1235692,1235908,CVE-2024-21528,CVE-2024-45801 Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - glibc-2.38-150600.14.20.3 updated - libglib-2_0-0-2.78.6-150600.4.8.1 updated - crypto-policies-20230920.570ea89-150600.3.3.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - patterns-base-fips-20200124-150600.32.3.2 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - javapackages-filesystem-6.3.4-150200.3.15.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - javapackages-tools-6.3.4-150200.3.15.1 updated - java-11-openjdk-headless-11.0.26.0-150000.3.122.1 updated - jackson-core-2.17.3-150200.3.19.1 updated - jackson-annotations-2.17.3-150200.3.19.1 updated - jackson-databind-2.17.3-150200.3.23.1 updated - uyuni-java-common-5.0.6-150600.3.6.3 updated - uyuni-coco-attestation-core-5.0.6-150600.3.6.3 updated - uyuni-coco-attestation-module-snpguest-5.0.6-150600.3.6.3 updated - uyuni-coco-attestation-module-secureboot-5.0.6-150600.3.6.3 updated - container:sles15-image-15.6.0-47.18.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 08:09:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:09:50 +0100 (CET) Subject: SUSE-CU-2025:958-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api Message-ID: <20250217080950.188C8FD2B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:958-1 Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.3 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.3.6.11.2 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container Release : 6.11.2 Severity : important Type : security References : 1082756 1188441 1189451 1194818 1202870 1203617 1207789 1209627 1210959 1214915 1219031 1219736 
1220262 1220338 1220523 1220690 1220693 1220696 1220724 1221365 1221601 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1222899 1223336 1226463 1227100 1227138 1227807 1227888 1228042 1228535 1228548 1228770 1228968 1229028 1229228 1229329 1229465 1230093 1230111 1230135 1230145 1230516 1230638 1230698 1230972 1231048 1231051 1231833 1232227 1232528 1232579 1232844 1233699 1233752 1234015 1234068 1234313 1234665 1234765 1235151 916845 CVE-2013-4235 CVE-2013-4235 CVE-2023-50782 CVE-2024-11053 CVE-2024-41996 CVE-2024-50602 CVE-2024-5535 CVE-2024-6119 CVE-2024-6197 CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. 
(bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login 
prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 deprecated API warnings. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file even if a brace expansion is included in the command line (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. 
For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3865-1 Released: Fri Nov 1 16:10:37 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1231833 This update for gcc14 fixes the following issues: - Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3896-1 Released: Mon Nov 4 12:08:29 2024 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1230972 This update for shadow fixes the following issues: - Add useradd warnings when requested UID is outside the default range (bsc#1230972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3925-1 Released: Wed Nov 6 11:14:28 2024 Summary: Security update for curl Type: security Severity: moderate References: 1232528,CVE-2024-9681 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3943-1 Released: Thu Nov 7 11:12:00 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare-metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because a terminal in the HMC is used for booting bare metal (LPAR). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4156-1 Released: Tue Dec 3 14:13:15 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - README.md updates - explicitly require openssl-3 cli - reorder tags (list the more specific ones first) - set oci.ref.name and oci.authors correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4337-1 Released: Tue Dec 17 08:17:39 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1231048,1232844 This update for systemd fixes the following issues: - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() 
helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:38-1 Released: Thu Jan 9 10:24:48 2025 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - switch to public-dl.suse.com ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full 
upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:79-1 Released: Mon Jan 13 12:50:24 2025 Summary: Recommended update for libnl3, ovpn-dco, openVPN Type: recommended Severity: moderate References: 1082756,1189451 This update for libnl3, ovpn-dco, openVPN fixes the following issue: - Update libnl to release 3.9 - Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - libuuid1-2.39.3-150600.4.12.2 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libblkid1-2.39.3-150600.4.12.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libjitterentropy3-3.4.1-150000.1.12.1 added - libgcc_s1-14.2.0+git10526-150000.1.6.1 updated - libstdc++6-14.2.0+git10526-150000.1.6.1 updated - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - libmount1-2.39.3-150600.4.12.2 updated - libudev1-254.21-150600.4.21.1 updated - libopenssl3-3.1.4-150600.5.21.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated - patterns-base-fips-20200124-150600.32.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - libcurl4-8.6.0-150600.4.18.1 updated - login_defs-4.8.1-150600.17.9.1 updated - sles-release-15.6-150600.64.3.1 updated - permissions-20240826-150600.10.12.1 updated - pam-1.3.0-150000.6.71.2 updated - 
shadow-4.8.1-150600.17.9.1 updated - util-linux-2.39.3-150600.4.12.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - libexpat1-2.4.4-150400.3.25.1 updated - libnl-config-3.9.0-150600.15.4.4 updated - libsystemd0-254.23-150600.4.25.1 updated - libnl3-200-3.9.0-150600.15.4.4 updated - systemd-254.23-150600.4.25.1 updated - container:sles15-image-15.6.0-47.18.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 08:10:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:10:02 +0100 (CET) Subject: SUSE-CU-2025:960-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16 Message-ID: <20250217081002.EE735FDA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:960-1 Container Tags : suse/manager/5.0/x86_64/server-migration-14-16:5.0.3 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.3.7.11.3 , suse/manager/5.0/x86_64/server-migration-14-16:latest Container Release : 7.11.3 Severity : important Type : security References : 1219340 1219736 1220262 1220338 1230423 1230972 1231048 1231795 1231833 1232227 1232579 1232844 1233307 1233323 1233323 1233325 1233325 1233326 1233326 1233327 1233327 1233699 1234015 1234665 1236705 CVE-2023-50782 CVE-2024-10976 CVE-2024-10976 CVE-2024-10977 CVE-2024-10977 CVE-2024-10978 CVE-2024-10978 CVE-2024-10979 CVE-2024-10979 CVE-2024-11168 CVE-2024-50602 CVE-2025-0938 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3865-1 Released: Fri Nov 1 16:10:37 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1231833 This update for gcc14 fixes the following issues: - Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3896-1 Released: Mon Nov 4 12:08:29 2024 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1230972 This update for shadow fixes the following issues: - Add useradd warnings when requested UID is outside the default range (bsc#1230972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3943-1 Released: Thu Nov 7 11:12:00 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare-metal installation with a fully encrypted disk. 
If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because a terminal in the HMC is used for booting bare metal (LPAR). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4063-1 Released: Tue Nov 26 10:16:06 2024 Summary: Security update for postgresql, postgresql16, postgresql17 Type: security Severity: important References: 1219340,1230423,1233323,1233325,1233326,1233327,CVE-2024-10976,CVE-2024-10977,CVE-2024-10978,CVE-2024-10979 This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17 , and fixes security issues with postgresql16: - bsc#1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirmed on the PostgreSQL packagers list that ABI stability is being taken care of between minor releases. - bsc#1219340: The last fix was not correct. Improve it by removing the dependency again and call fillup only if it is installed. postgresql16 was updated to 16.6: * Repair ABI break for extensions that work with struct ResultRelInfo. * Restore functionality of ALTER {ROLE|DATABASE} SET role. * Fix cases where a logical replication slot's restart_lsn could go backwards. * Avoid deleting still-needed WAL files during pg_rewind. * Fix race conditions associated with dropping shared statistics entries. * Count index scans in contrib/bloom indexes in the statistics views, such as the pg_stat_user_indexes.idx_scan counter. * Fix crash when checking to see if an index's opclass options have changed. * Avoid assertion failure caused by disconnected NFA sub-graphs in regular expression parsing. * https://www.postgresql.org/docs/release/16.6/ postgresql16 was updated to 16.5: * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference. 
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages received during SSL or GSS protocol negotiation. * CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing environment variables. * https://www.postgresql.org/about/news/p-2955/ * https://www.postgresql.org/docs/release/16.5/ - Don't build the libs and mini flavor anymore to hand over to PostgreSQL 17. * https://www.postgresql.org/about/news/p-2910/ postgresql17 is shipped in version 17.2: * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference. * CVE-2024-10977, bsc#1233325: Make libpq discard error messages received during SSL or GSS protocol negotiation. * CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing environment variables. * https://www.postgresql.org/about/news/p-2955/ * https://www.postgresql.org/docs/release/17.1/ * https://www.postgresql.org/docs/release/17.2/ Upgrade to 17.2: * Repair ABI break for extensions that work with struct ResultRelInfo. * Restore functionality of ALTER {ROLE|DATABASE} SET role. * Fix cases where a logical replication slot's restart_lsn could go backwards. * Avoid deleting still-needed WAL files during pg_rewind. * Fix race conditions associated with dropping shared statistics entries. * Count index scans in contrib/bloom indexes in the statistics views, such as the pg_stat_user_indexes.idx_scan counter. * Fix crash when checking to see if an index's opclass options have changed. * Avoid assertion failure caused by disconnected NFA sub-graphs in regular expression parsing. Upgrade to 17.0: * New memory management system for VACUUM, which reduces memory consumption and can improve overall vacuuming performance. 
* New SQL/JSON capabilities, including constructors, identity functions, and the JSON_TABLE() function, which converts JSON data into a table representation. * Various query performance improvements, including for sequential reads using streaming I/O, write throughput under high concurrency, and searches over multiple values in a btree index. * Logical replication enhancements, including: + Failover control + pg_createsubscriber, a utility that creates logical replicas from physical standbys + pg_upgrade now preserves replication slots on both publishers and subscribers * New client-side connection option, sslnegotiation=direct, that performs a direct TLS handshake to avoid a round-trip negotiation. * pg_basebackup now supports incremental backup. * COPY adds a new option, ON_ERROR ignore, that allows a copy operation to continue in the event of an error. * https://www.postgresql.org/about/news/p-2936/ * https://www.postgresql.org/docs/17/release-17.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4118-1 Released: Fri Nov 29 17:23:56 2024 Summary: Security update for postgresql14 Type: security Severity: important References: 1233323,1233325,1233326,1233327,CVE-2024-10976,CVE-2024-10977,CVE-2024-10978,CVE-2024-10979 This update for postgresql14 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). - CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). - CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4337-1 Released: Tue Dec 17 08:17:39 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1231048,1232844 This update for systemd fixes the following issues: - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce 
get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - libgcc_s1-14.2.0+git10526-150000.1.6.1 updated - libstdc++6-14.2.0+git10526-150000.1.6.1 updated - libopenssl3-3.1.4-150600.5.21.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated - patterns-base-fips-20200124-150600.32.3.2 updated - login_defs-4.8.1-150600.17.9.1 updated - permissions-20240826-150600.10.12.1 updated - shadow-4.8.1-150600.17.9.1 updated - libexpat1-2.4.4-150400.3.25.1 updated - libsystemd0-254.21-150600.4.21.1 updated - glibc-locale-base-2.38-150600.14.20.3 updated - libpq5-17.2-150600.13.5.1 updated - glibc-locale-2.38-150600.14.20.3 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - postgresql-17-150600.17.6.1 updated - postgresql14-14.15-150600.16.9.1 updated - postgresql16-16.6-150600.16.10.1 updated - postgresql-server-17-150600.17.6.1 updated - postgresql14-server-14.15-150600.16.9.1 updated - postgresql16-server-16.6-150600.16.10.1 updated - postgresql16-contrib-16.6-150600.16.10.1 updated - postgresql-contrib-17-150600.17.6.1 updated - postgresql14-contrib-14.15-150600.16.9.1 updated - container:suse-manager-5.0-init-5.0.3-5.0.3-7.9.5 added - container:suse-manager-5.0-init-5.0.2-5.0.2-7.6.16 removed From sle-container-updates at lists.suse.com Mon Feb 17 08:09:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:09:30 +0100 (CET) Subject: SUSE-CU-2025:954-1: Security update of suse/manager/5.0/x86_64/proxy-squid Message-ID: 
<20250217080930.CA987FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:954-1 Container Tags : suse/manager/5.0/x86_64/proxy-squid:5.0.3 , suse/manager/5.0/x86_64/proxy-squid:5.0.3.7.11.2 , suse/manager/5.0/x86_64/proxy-squid:latest Container Release : 7.11.2 Severity : important Type : security References : 1188441 1194818 1202870 1207789 1209627 1210959 1214915 1219031 1219736 1220262 1220523 1220690 1220693 1220696 1220724 1221365 1221601 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1222899 1223336 1226463 1227138 1227807 1228042 1228548 1228770 1228968 1229028 1229329 1229465 1230111 1230145 1230638 1230698 1230972 1231051 1231833 1233699 1234665 1236460 916845 CVE-2013-4235 CVE-2013-4235 CVE-2022-49043 CVE-2023-50782 CVE-2024-41996 CVE-2024-5535 CVE-2024-6119 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. 
Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 
15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3132-1 Released: Tue Sep 3 17:43:10 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228968,1229329 This update for permissions fixes the following issues: - Update to version 20240826: * permissions: remove outdated entries (bsc#1228968) - Update to version 20240826: * cockpit: revert path change (bsc#1229329) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default 
also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 deprecated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file even if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3865-1 Released: Fri Nov 1 16:10:37 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1231833 This update for gcc14 fixes the following issues: - Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3896-1 Released: Mon Nov 4 12:08:29 2024 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1230972 This update for shadow fixes the following issues: - Add useradd warnings when requested UID is outside the default range (bsc#1230972) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3943-1 Released: Thu Nov 7 11:12:00 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when running a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because booting bare metal (LPAR) uses the terminal in the HMC.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4156-1 Released: Tue Dec 3 14:13:15 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - README.md updates - explicitly require openssl-3 cli - reorder tags (list the more specific ones first) - set oci.ref.name and oci.authors correctly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:38-1 Released: Thu Jan 9 10:24:48 2025 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - switch to public-dl.suse.com ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:348-1 Released: Tue Feb 4 08:10:23 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libxml2-2-2.10.3-150500.5.20.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 added - libgcc_s1-14.2.0+git10526-150000.1.6.1 updated - libstdc++6-14.2.0+git10526-150000.1.6.1 updated - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - libopenssl3-3.1.4-150600.5.21.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated - patterns-base-fips-20200124-150600.32.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - login_defs-4.8.1-150600.17.9.1 updated - permissions-20240826-150600.10.12.1 updated - pam-1.3.0-150000.6.71.2 updated - shadow-4.8.1-150600.17.9.1 updated - container:sles15-image-15.6.0-47.18.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 08:09:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:09:40 +0100 (CET) Subject: SUSE-CU-2025:956-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20250217080940.86C81FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:956-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.3 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.3.7.11.3 , suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 7.11.3 Severity : important Type 
: security References : 1188441 1210959 1214915 1219031 1220262 1220356 1220523 1220690 1220693 1220696 1220724 1221365 1221601 1221751 1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824 1221827 1222899 1223336 1226463 1227138 1227525 1227807 1228042 1229028 1229465 1230145 1230638 1230698 1231051 1231795 1231833 1232579 1233307 1233699 1234665 1236705 CVE-2023-50782 CVE-2024-11168 CVE-2024-41996 CVE-2024-50602 CVE-2024-5535 CVE-2024-6119 CVE-2025-0938 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom 
Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3106-1 Released: Tue Sep 3 17:00:40 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). 
- FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file even if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.
For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3865-1 Released: Fri Nov 1 16:10:37 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1231833 This update for gcc14 fixes the following issues: - Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3943-1 Released: Thu Nov 7 11:12:00 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when running a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because booting bare metal (LPAR) uses the terminal in the HMC.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4156-1 Released: Tue Dec 3 14:13:15 2024 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - README.md updates - explicitly require openssl-3 cli - reorder tags (list the more specific ones first) - set oci.ref.name and oci.authors correctly ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4193-1 Released: Thu Dec 5 12:01:40 2024 Summary: Security update for python3 Type: security Severity: low References: 1231795,1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:38-1 Released: Thu Jan 9 10:24:48 2025 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - switch to public-dl.suse.com ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libgcc_s1-14.2.0+git10526-150000.1.6.1 updated - libstdc++6-14.2.0+git10526-150000.1.6.1 updated - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - libopenssl3-3.1.4-150600.5.21.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated - patterns-base-fips-20200124-150600.32.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - openssl-3-3.1.4-150600.5.21.1 updated - ca-certificates-mozilla-2.68-150200.33.1 updated - libexpat1-2.4.4-150400.3.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - container:sles15-image-15.6.0-47.18.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:46:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:46:58 +0100 (CET) Subject: SUSE-CU-2025:963-1: Security update of bci/bci-base-fips Message-ID: <20250217144658.64A60FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:963-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.19.17 , bci/bci-base-fips:latest Container Release : 19.17 Severity : moderate Type : security References : 1236705 CVE-2025-0938 
----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) The following package changes have been done: - python3-base-3.6.15-150300.10.81.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:47:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:47:02 +0100 (CET) Subject: SUSE-CU-2025:964-1: Recommended update of suse/cosign Message-ID: <20250217144702.30A5BFCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:964-1 Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-8.16 , suse/cosign:latest Container Release : 8.16 Severity : moderate Type : recommended References : 1229228 1233752 1234313 1234765 ----------------------------------------------------------------- The container suse/cosign was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - libudev1-254.23-150600.4.25.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:47:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:47:20 +0100 (CET) Subject: SUSE-CU-2025:965-1: Security update of suse/registry Message-ID: <20250217144720.6D6ABFCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:965-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-33.14 , suse/registry:latest Container Release : 33.14 Severity : important Type : security References : 1231472 1236878 1236960 CVE-2024-12133 ----------------------------------------------------------------- The container suse/registry was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:48:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:48:03 +0100 (CET) Subject: SUSE-CU-2025:968-1: Recommended update of bci/gcc Message-ID: <20250217144803.2DA12FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:968-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.22 , bci/gcc:latest Container Release : 8.22 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:48:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:48:25 +0100 (CET) Subject: SUSE-CU-2025:969-1: Recommended update of suse/git Message-ID: <20250217144825.48781FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:969-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-36.10 , suse/git:latest Container Release : 36.10 Severity : moderate Type : recommended References : 1229228 1233752 1234313 1234765 ----------------------------------------------------------------- The container suse/git was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - libudev1-254.23-150600.4.25.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:48:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:48:41 +0100 (CET) Subject: SUSE-CU-2025:970-1: Security update of bci/golang Message-ID: <20250217144841.AB619FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:970-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.6 , bci/golang:1.23.6-2.34.3 , bci/golang:oldstable , bci/golang:oldstable-2.34.3 Container Release : 34.3 Severity : important Type : security References : 1229122 1229122 1229122 1229122 1229122 1229122 1229122 1229228 1230252 1230253 1230254 1231472 1233752 1234313 1234765 1236045 1236046 1236801 CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 CVE-2024-45336 CVE-2024-45341 CVE-2025-22866 ----------------------------------------------------------------- The container bci/golang was 
updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2951-1 Released: Fri Aug 16 16:33:41 2024 Summary: Recommended update for go1.23 Type: recommended Severity: moderate References: 1229122 This update for go1.23 fixes the following issues: - go1.23 (released 2024-08-13) is a major release of Go. go1.23.x minor releases will be provided through August 2025. See https://github.com/golang/go/wiki/Go-Release-Cycle go1.23 arrives six months after go1.22. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (bsc#1229122) * Language change: Go 1.23 makes the (Go 1.22) 'range-over-func' experiment a part of the language. The 'range' clause in a 'for-range' loop now accepts iterator functions of the following types: func(func() bool) func(func(K) bool) func(func(K, V) bool) as range expressions. Calls of the iterator argument function produce the iteration values for the 'for-range' loop. For details see the iter package documentation and the language spec. For motivation see the 2022 'range-over-func' discussion. * Language change: Go 1.23 includes preview support for generic type aliases. Building the toolchain with GOEXPERIMENT=aliastypeparams enables this feature within a package. (Using generic alias types across package boundaries is not yet supported.) * Opt-in Telemetry: Starting in Go 1.23, the Go toolchain can collect usage and breakage statistics that help the Go team understand how the Go toolchain is used and how well it is working. We refer to these statistics as Go telemetry. Go telemetry is an opt-in system, controlled by the go telemetry command. 
By default, the toolchain programs collect statistics in counter files that can be inspected locally but are otherwise unused (go telemetry local). To help us keep Go working well and understand Go usage, please consider opting in to Go telemetry by running go telemetry on. In that mode, anonymous counter reports are uploaded to telemetry.go.dev weekly, where they are aggregated into graphs and also made available for download by any Go contributors or users wanting to analyze the data. See 'Go Telemetry' for more details about the Go Telemetry system. * go command: Setting the GOROOT_FINAL environment variable no longer has an effect (#62047). Distributions that install the go command to a location other than $GOROOT/bin/go should install a symlink instead of relocating or copying the go binary. * go command: The new go env -changed flag causes the command to print only those settings whose effective value differs from the default value that would be obtained in an empty environment with no prior uses of the -w flag. * go command: The new go mod tidy -diff flag causes the command not to modify the files but instead print the necessary changes as a unified diff. It exits with a non-zero code if updates are needed. * go command: The go list -m -json command now includes new Sum and GoModSum fields. This is similar to the existing behavior of the go mod download -json command. * go command: The new godebug directive in go.mod and go.work declares a GODEBUG setting to apply for the work module or workspace in use. * go vet: The go vet subcommand now includes the stdversion analyzer, which flags references to symbols that are too new for the version of Go in effect in the referring file. (The effective version is determined by the go directive in the file's enclosing go.mod file, and by any //go:build constraints in the file.) 
For example, it will report a diagnostic for a reference to the reflect.TypeFor function (introduced in go1.22) from a file in a module whose go.mod file specifies go 1.21. * cgo: cmd/cgo supports the new -ldflags flag for passing flags to the C linker. The go command uses it automatically, avoiding 'argument list too long' errors with a very large CGO_LDFLAGS. * go trace: The trace tool now better tolerates partially broken traces by attempting to recover what trace data it can. This functionality is particularly helpful when viewing a trace that was collected during a program crash, since the trace data leading up to the crash will now be recoverable under most circumstances. * Runtime: The traceback printed by the runtime after an unhandled panic or other fatal error now indents the second and subsequent lines of the error message (for example, the argument to panic) by a single tab, so that it can be unambiguously distinguished from the stack trace of the first goroutine. See go#64590 for discussion. * Compiler: The build time overhead to building with Profile Guided Optimization has been reduced significantly. Previously, large builds could see 100%+ build time increase from enabling PGO. In Go 1.23, overhead should be in the single digit percentages. * Compiler: The compiler in Go 1.23 can now overlap the stack frame slots of local variables accessed in disjoint regions of a function, which reduces stack usage for Go applications. * Compiler: For 386 and amd64, the compiler will use information from PGO to align certain hot blocks in loops. This improves performance an additional 1-1.5% at a cost of an additional 0.1% text and binary size. This is currently only implemented on 386 and amd64 because it has not shown an improvement on other platforms. Hot block alignment can be disabled with -gcflags=[=]-d=alignhot=0. 
* Linker: The linker now disallows using a //go:linkname directive to refer to internal symbols in the standard library (including the runtime) that are not marked with //go:linkname on their definitions. Similarly, the linker disallows references to such symbols from assembly code. For backward compatibility, existing usages of //go:linkname found in a large open-source code corpus remain supported. Any new references to standard library internal symbols will be disallowed. * Linker: A linker command line flag -checklinkname=0 can be used to disable this check, for debugging and experimenting purposes. * Linker: When building a dynamically linked ELF binary (including PIE binary), the new -bindnow flag enables immediate function binding. * Standard library changes: * timer: 1.23 makes two significant changes to the implementation of time.Timer and time.Ticker. First, Timers and Tickers that are no longer referred to by the program become eligible for garbage collection immediately, even if their Stop methods have not been called. Earlier versions of Go did not collect unstopped Timers until after they had fired and never collected unstopped Tickers. Second, the timer channel associated with a Timer or Ticker is now unbuffered, with capacity 0. The main effect of this change is that Go now guarantees that for any call to a Reset or Stop method, no stale values prepared before that call will be sent or received after the call. Earlier versions of Go used channels with a one-element buffer, making it difficult to use Reset and Stop correctly. A visible effect of this change is that len and cap of timer channels now returns 0 instead of 1, which may affect programs that poll the length to decide whether a receive on the timer channel will succeed. Such code should use a non-blocking receive instead. These new behaviors are only enabled when the main Go program is in a module with a go.mod go line using Go 1.23.0 or later. 
When Go 1.23 builds older programs, the old behaviors remain in effect. The new GODEBUG setting asynctimerchan=1 can be used to revert back to asynchronous channel behaviors even when a program names Go 1.23.0 or later in its go.mod file. * unique: The new unique package provides facilities for canonicalizing values (like 'interning' or 'hash-consing'). Any value of comparable type may be canonicalized with the new Make[T] function, which produces a reference to a canonical copy of the value in the form of a Handle[T]. Two Handle[T] are equal if and only if the values used to produce the handles are equal, allowing programs to deduplicate values and reduce their memory footprint. Comparing two Handle[T] values is efficient, reducing down to a simple pointer comparison. * iter: The new iter package provides the basic definitions for working with user-defined iterators. * slices: The slices package adds several functions that work with iterators: - All returns an iterator over slice indexes and values. - Values returns an iterator over slice elements. - Backward returns an iterator that loops over a slice backward. - Collect collects values from an iterator into a new slice. - AppendSeq appends values from an iterator to an existing slice. - Sorted collects values from an iterator into a new slice, and then sorts the slice. - SortedFunc is like Sorted but with a comparison function. - SortedStableFunc is like SortFunc but uses a stable sort algorithm. - Chunk returns an iterator over consecutive sub-slices of up to n elements of a slice. * maps: The maps package adds several functions that work with iterators: - All returns an iterator over key-value pairs from a map. - Keys returns an iterator over keys in a map. - Values returns an iterator over values in a map. - Insert adds the key-value pairs from an iterator to an existing map. - Collect collects key-value pairs from an iterator into a new map and returns it. 
* structs: The new structs package provides types for struct fields that modify properties of the containing struct type such as memory layout. In this release, the only such type is HostLayout which indicates that a structure with a field of that type has a layout that conforms to host platform expectations. * Minor changes to the standard library: As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. * archive/tar: If the argument to FileInfoHeader implements the new FileInfoNames interface, then the interface methods will be used to set the Uname/Gname of the file header. This allows applications to override the system-dependent Uname/Gname lookup. * crypto/tls: The TLS client now supports the Encrypted Client Hello draft specification. This feature can be enabled by setting the Config.EncryptedClientHelloConfigList field to an encoded ECHConfigList for the host that is being connected to. * crypto/tls: The QUICConn type used by QUIC implementations includes new events reporting on the state of session resumption, and provides a way for the QUIC layer to add data to session tickets and session cache entries. * crypto/tls: 3DES cipher suites were removed from the default list used when Config.CipherSuites is nil. The default can be reverted by adding tls3des=1 to the GODEBUG environment variable. * crypto/tls: The experimental post-quantum key exchange mechanism X25519Kyber768Draft00 is now enabled by default when Config.CurvePreferences is nil. The default can be reverted by adding tlskyber=0 to the GODEBUG environment variable. * crypto/tls: Go 1.23 changed the behavior of X509KeyPair and LoadX509KeyPair to populate the Certificate.Leaf field of the returned Certificate. The new x509keypairleaf GODEBUG setting is added for this behavior. * crypto/x509: CreateCertificateRequest now correctly supports RSA-PSS signature algorithms. 
* crypto/x509: CreateCertificateRequest and CreateRevocationList now verify the generated signature using the signer's public key. If the signature is invalid, an error is returned. This has been the behavior of CreateCertificate since Go 1.16. * crypto/x509: The x509sha1 GODEBUG setting will be removed in the next Go major release (Go 1.24). This will mean that crypto/x509 will no longer support verifying signatures on certificates that use SHA-1 based signature algorithms. * crypto/x509: The new ParseOID function parses a dot-encoded ASN.1 Object Identifier string. The OID type now implements the encoding.BinaryMarshaler, encoding.BinaryUnmarshaler, encoding.TextMarshaler, encoding.TextUnmarshaler interfaces. * database/sql: Errors returned by driver.Valuer implementations are now wrapped for improved error handling during operations like DB.Query, DB.Exec, and DB.QueryRow. * debug/elf: The debug/elf package now defines PT_OPENBSD_NOBTCFI. This ProgType is used to disable Branch Tracking Control Flow Integrity (BTCFI) enforcement on OpenBSD binaries. * debug/elf: Now defines the symbol type constants STT_RELC, STT_SRELC, and STT_GNU_IFUNC. * encoding/binary: The new Encode and Decode functions are byte slice equivalents to Read and Write. Append allows marshaling multiple data into the same byte slice. * go/ast: The new Preorder function returns a convenient iterator over all the nodes of a syntax tree. * go/types: The Func type, which represents a function or method symbol, now has a Func.Signature method that returns the function's type, which is always a Signature. * go/types: The Alias type now has an Rhs method that returns the type on the right-hand side of its declaration: given type A = B, the Rhs of A is B. (go#66559) * go/types: The methods Alias.Origin, Alias.SetTypeParams, Alias.TypeParams, and Alias.TypeArgs have been added. They are needed for generic alias types. 
* go/types: By default, go/types now produces Alias type nodes for type aliases. This behavior can be controlled by the GODEBUG gotypesalias flag. Its default has changed from 0 in Go 1.22 to 1 in Go 1.23. * math/rand/v2: The Uint function and Rand.Uint method have been added. They were inadvertently left out of Go 1.22. * math/rand/v2: The new ChaCha8.Read method implements the io.Reader interface. * net: The new type KeepAliveConfig permits fine-tuning the keep-alive options for TCP connections, via a new TCPConn.SetKeepAliveConfig method and new KeepAliveConfig fields for Dialer and ListenConfig. * net: The DNSError type now wraps errors caused by timeouts or cancellation. For example, errors.Is(someDNSErr, context.DeadlineExceeded) will now report whether a DNS error was caused by a timeout. * net: The new GODEBUG setting netedns0=0 disables sending EDNS0 additional headers on DNS requests, as they reportedly break the DNS server on some modems. * net/http: Cookie now preserves double quotes surrounding a cookie value. The new Cookie.Quoted field indicates whether the Cookie.Value was originally quoted. * net/http: The new Request.CookiesNamed method retrieves all cookies that match the given name. * net/http: The new Cookie.Partitioned field identifies cookies with the Partitioned attribute. * net/http: The patterns used by ServeMux now allow one or more spaces or tabs after the method name. Previously, only a single space was permitted. * net/http: The new ParseCookie function parses a Cookie header value and returns all the cookies which were set in it. Since the same cookie name can appear multiple times the returned Values can contain more than one value for a given key. * net/http: The new ParseSetCookie function parses a Set-Cookie header value and returns a cookie. It returns an error on syntax error. 
* net/http: ServeContent, ServeFile, and ServeFileFS now remove the Cache-Control, Content-Encoding, Etag, and Last-Modified headers when serving an error. These headers usually apply to the non-error content, but not to the text of errors. * net/http: Middleware which wraps a ResponseWriter and applies on-the-fly encoding, such as Content-Encoding: gzip, will not function after this change. The previous behavior of ServeContent, ServeFile, and ServeFileFS may be restored by setting GODEBUG=httpservecontentkeepheaders=1. Note that middleware which changes the size of the served content (such as by compressing it) already does not function properly when ServeContent handles a Range request. On-the-fly compression should use the Transfer-Encoding header instead of Content-Encoding. * net/http: For inbound requests, the new Request.Pattern field contains the ServeMux pattern (if any) that matched the request. This field is not set when GODEBUG=httpmuxgo121=1 is set. * net/http/httptest: The new NewRequestWithContext method creates an incoming request with a context.Context. * net/netip: In Go 1.22 and earlier, using reflect.DeepEqual to compare an Addr holding an IPv4 address to one holding the IPv4-mapped IPv6 form of that address incorrectly returned true, even though the Addr values were different when comparing with == or Addr.Compare. This bug is now fixed and all three approaches now report the same result. * os: The Stat function now sets the ModeSocket bit for files that are Unix sockets on Windows. These files are identified by having a reparse tag set to IO_REPARSE_TAG_AF_UNIX. * os: On Windows, the mode bits reported by Lstat and Stat for reparse points changed. Mount points no longer have ModeSymlink set, and reparse points that are not symlinks, Unix sockets, or dedup files now always have ModeIrregular set. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0. 
* os: The CopyFS function copies an io/fs.FS into the local filesystem. * os: On Windows, Readlink no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0. * os: On Linux with pidfd support (generally Linux v5.4+), Process-related functions and methods use pidfd (rather than PID) internally, eliminating potential mistargeting when a PID is reused by the OS. Pidfd support is fully transparent to a user, except for additional process file descriptors that a process may have. * path/filepath: The new Localize function safely converts a slash-separated path into an operating system path. * path/filepath: On Windows, EvalSymlinks no longer evaluates mount points, which was a source of many inconsistencies and bugs. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0. * path/filepath: On Windows, EvalSymlinks no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0. * reflect: The new methods synonymous with the methods of the same name in Value are added to Type: - Type.OverflowComplex - Type.OverflowFloat - Type.OverflowInt - Type.OverflowUint * reflect: The new SliceAt function is analogous to NewAt, but for slices. * reflect: The Value.Pointer and Value.UnsafePointer methods now support values of kind String. * reflect: The new methods Value.Seq and Value.Seq2 return sequences that iterate over the value as though it were used in a for/range loop. The new methods Type.CanSeq and Type.CanSeq2 report whether calling Value.Seq and Value.Seq2, respectively, will succeed without panicking. 
* runtime/debug: The SetCrashOutput function allows the user to specify an alternate file to which the runtime should write its fatal crash report. It may be used to construct an automated reporting mechanism for all unexpected crashes, not just those in goroutines that explicitly use recover. * runtime/pprof: The maximum stack depth for alloc, mutex, block, threadcreate and goroutine profiles has been raised from 32 to 128 frames. * runtime/trace: The runtime now explicitly flushes trace data when a program crashes due to an uncaught panic. This means that more complete trace data will be available in a trace if the program crashes while tracing is active. * slices: The Repeat function returns a new slice that repeats the provided slice the given number of times. * sync: The Map.Clear method deletes all the entries, resulting in an empty Map. It is analogous to clear. * sync/atomic: The new And and Or operators apply a bitwise AND or OR to the given input, returning the old value. * syscall: The syscall package now defines WSAENOPROTOOPT on Windows. * syscall: The GetsockoptInt function is now supported on Windows. * testing/fstest: TestFS now returns a structured error that can be unwrapped (via method Unwrap() []error). This allows inspecting errors using errors.Is or errors.As. * text/template: Templates now support the new 'else with' action, which reduces template complexity in some use cases. * time: Parse and ParseInLocation now return an error if the time zone offset is out of range. * unicode/utf16: The RuneLen function returns the number of 16-bit words in the UTF-16 encoding of the rune. It returns -1 if the rune is not a valid value to encode in UTF-16. * Port: Darwin: As announced in the Go 1.22 release notes, Go 1.23 requires macOS 11 Big Sur or later; support for previous versions has been discontinued. * Port: Linux: Go 1.23 is the last release that requires Linux kernel version 2.6.32 or later. 
Go 1.24 will require Linux kernel version 3.17 or later, with an exception that systems running 3.10 or later will continue to be supported if the kernel has been patched to support the getrandom system call. * Port: OpenBSD: Go 1.23 adds experimental support for OpenBSD on 64-bit RISC-V (GOOS=openbsd, GOARCH=riscv64). * Port: ARM64: Go 1.23 introduces a new GOARM64 environment variable, which specifies the minimum target version of the ARM64 architecture at compile time. Allowed values are v8.{0-9} and v9.{0-5}. This may be followed by an option specifying extensions implemented by target hardware. Valid options are ,lse and ,crypto. The GOARM64 environment variable defaults to v8.0. * Port: RISC-V: Go 1.23 introduces a new GORISCV64 environment variable, which selects the RISC-V user-mode application profile for which to compile. Allowed values are rva20u64 and rva22u64. The GORISCV64 environment variable defaults to rva20u64. * Port: Wasm: The go_wasip1_wasm_exec script in GOROOT/misc/wasm has dropped support for versions of wasmtime < 14.0.0. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3214-1 Released: Thu Sep 12 11:33:59 2024 Summary: Security update for go1.23 Type: security Severity: moderate References: 1229122,1230252,1230253,1230254,CVE-2024-34155,CVE-2024-34156,CVE-2024-34158 This update for go1.23 fixes the following issues: - Update go v1.23.1 - CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252) - CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253) - CVE-2024-34158: Fixed stack exhaustion in Parse. 
(bsc#1230254) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3574-1 Released: Wed Oct 9 15:29:43 2024 Summary: Recommended update for go1.23 Type: recommended Severity: moderate References: 1229122 This update for go1.23 fixes the following issues: - Version update 1.23.2 includes fixes to the compiler, cgo, the runtime, maps, os, os/exec, time, and unique packages (bsc#1229122) * os: double close pidfd if caller uses pidfd updated by os.StartProcess * maps: segmentation violation in maps.Clone * cmd/cgo: alignment issue with int128 inside of a struct * unique: fatal error: found pointer to free object * runtime,time: timer.Stop returns false even when no value is read from the channel * unique: large string still referenced, after interning only a small substring * os/exec: resource leak on exec failure * cmd/compile: mysterious crashes and non-determinism with range over func ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4002-1 Released: Mon Nov 18 10:47:17 2024 Summary: Recommended update for go1.23 Type: recommended Severity: moderate References: 1229122 This update for go1.23 fixes the following issues: - Update to version go1.23.3 (bsc#1229122) * runtime: corrupted GoroutineProfile stack traces * runtime: multi-arch build via qemu fails to exec go binary * os: os.checkPidfd() crashes with SIGSYS * runtime: TestGdbAutotmpTypes failures * cmd/compile: syscall.Syscall15: nosplit stack over 792 byte limit * runtime: MutexProfile missing root frames in go1.23 * time,runtime: too many concurrent timer firings for short time.Ticker * time,runtime: too many concurrent timer firings for short, fast-resetting time.Timer * cmd/link: LC_UUID not generated by go linker, resulting in failure to access local network on macOS 15 * net/http/pprof: coroutines + pprof makes the program panic * net/http: short writes with FileServer on macos 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4259-1 Released: Mon Dec 9 10:06:34 2024 Summary: Recommended update for go1.23 Type: recommended Severity: moderate References: 1229122 This update for go1.23 fixes the following issues: - go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime, the trace command, and the syscall package. (bsc#1229122) * go#70644 crypto/rsa: new key generation prohibitively slow under race detector * go#70645 proposal: go/types: add Scope.Node convenience getter * go#70646 x/tools/gopls: unimported completion corrupts import decl (client=BBEdit) * go#70648 crypto/tls: TestHandshakeClientECDHEECDSAAESGCM/TLSv12 failures * go#70649 x/benchmarks/sweet/cmd/sweet: TestSweetEndToEnd failures * go#70650 crypto/tls: TestGetClientCertificate/TLSv13 failures * go#70651 x/tools/go/gcexportdata: simplify implementation assuming go >= 1.21 * go#70654 cmd/go: Incorrect output from go list * go#70655 x/build/cmd/relui: add workflows for some remaining manual recurring Go major release cycle tasks * go#70657 proposal: bufio: Scanner.IterText/Scanner.IterBytes * go#70658 x/net/http2: stuck extended CONNECT requests * go#70659 os: TestRootDirFS failures on linux-mips64 and linux-mips64le arch-mips * go#70660 crypto/ecdsa: TestRFC6979 failures on s390x * go#70664 x/mobile: target maccatalyst cannot find OpenGLES header * go#70665 x/tools/gopls: refactor.extract.variable fails at package level * go#70666 x/tools/gopls: panic in GetIfaceStubInfo * go#70667 proposal: crypto/x509: support extracting X25519 public keys from certificates * go#70668 proposal: x/mobile: better support for unrecovered panics * go#70669 cmd/go: local failure in TestScript/build_trimpath_cgo * go#70670 cmd/link: unused functions aren't getting deadcoded from the binary * go#70674 x/pkgsite: package removal request for https://pkg.go.dev/github.com/uisdevsquad/go-test/debugmate * go#70675 cmd/go/internal/lockedfile: 
mountrpc flake in TestTransform on plan9 * go#70677 all: remote file server I/O flakiness with 'Bad fid' errors on plan9 * go#70678 internal/poll: deadlock on 'Intel(R) Xeon(R) Platinum' when an FD is closed * go#70679 mime/multipart: With go 1.23.3, mime/multipart does not link ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:280-1 Released: Wed Jan 29 08:33:57 2025 Summary: Security update for go1.23 Type: security Severity: important References: 1229122,1236045,1236046,CVE-2024-45336,CVE-2024-45341 This update for go1.23 fixes the following issues: - Update to go1.23.5 (bsc#1229122) - CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045) - CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:393-1 Released: Mon Feb 10 08:34:28 2025 Summary: Security update for go1.23 Type: security Severity: moderate References: 1229122,1236801,CVE-2025-22866 This update for go1.23 fixes the following issues: - CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801). Bug fixes: - go1.23 release tracking (bsc#1229122) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - go1.23-doc-1.23.6-150000.1.21.1 added - libsystemd0-254.23-150600.4.25.1 updated - go1.23-1.23.6-150000.1.21.1 added - go1.23-race-1.23.6-150000.1.21.1 added - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated - go1.22-1.22.12-150000.1.42.1 removed - go1.22-doc-1.22.12-150000.1.42.1 removed - go1.22-race-1.22.12-150000.1.42.1 removed From sle-container-updates at lists.suse.com Mon Feb 17 14:49:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:49:02 +0100 (CET) Subject: SUSE-CU-2025:971-1: Recommended update of bci/golang Message-ID: <20250217144902.940BCFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:971-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.24 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.24 Container Release : 
55.24 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:49:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:49:25 +0100 (CET) Subject: SUSE-CU-2025:972-1: Recommended update of bci/golang Message-ID: 
<20250217144925.B6BAAFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:972-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.23 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.23 Container Release : 55.23 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:49:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:49:37 +0100 (CET) Subject: SUSE-CU-2025:973-1: Security update of suse/helm Message-ID: <20250217144937.462E9FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:973-1 Container Tags : suse/helm:3 , suse/helm:3.16 , suse/helm:3.16.3 , suse/helm:3.16.3-39.8 , suse/helm:latest Container Release : 39.8 Severity : important Type : security References : 1231472 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container suse/helm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:49:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:49:58 +0100 (CET) Subject: SUSE-CU-2025:974-1: Recommended update of bci/bci-init Message-ID: <20250217144958.DFB3BFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:974-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.30.22 , bci/bci-init:latest Container Release : 30.22 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 1236960 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated - libsystemd0-254.23-150600.4.25.1 updated - systemd-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From 
sle-container-updates at lists.suse.com Mon Feb 17 14:50:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:50:27 +0100 (CET) Subject: SUSE-CU-2025:975-1: Security update of bci/kiwi Message-ID: <20250217145027.324BEFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:975-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-21.8 , bci/kiwi:latest Container Release : 21.8 Severity : moderate Type : security References : 1229228 1231472 1233265 1233752 1234313 1234765 1236705 1236960 CVE-2025-0938 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:500-1 Released: Thu Feb 13 09:26:54 2025 Summary: Recommended update for mdadm Type: recommended Severity: moderate References: 1233265 This update for mdadm fixes the following issue: - mdopen: add /sbin to PATH when call system('modprobe md_mod') (bsc#1233265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated - mdadm-4.3-150600.3.9.2 updated - libsystemd0-254.23-150600.4.25.1 updated - python3-base-3.6.15-150300.10.81.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - systemd-254.23-150600.4.25.1 updated - python3-3.6.15-150300.10.81.1 updated - python3-devel-3.6.15-150300.10.81.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:50:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:50:49 +0100 (CET) Subject: SUSE-CU-2025:976-1: Recommended update of bci/nodejs Message-ID: <20250217145049.21A9FFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:976-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.27 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.27 , bci/nodejs:latest Container Release : 48.27 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 1236960 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:51:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:51:18 +0100 (CET) Subject: SUSE-CU-2025:977-1: Recommended update of bci/openjdk Message-ID: <20250217145118.D919AFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:977-1 Container Tags : bci/openjdk:21 , 
bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-32.24 , bci/openjdk:latest Container Release : 32.24 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:51:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:51:40 +0100 (CET) 
Subject: SUSE-CU-2025:978-1: Recommended update of bci/php-apache Message-ID: <20250217145140.E2CB8FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:978-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.26 , bci/php-apache:latest Container Release : 48.26 Severity : moderate Type : recommended References : 1229228 1233752 1234313 1234765 1236960 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - permissions-20240826-150600.10.18.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:52:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:52:00 +0100 (CET) Subject: SUSE-CU-2025:979-1: Recommended update of bci/php-fpm Message-ID: <20250217145200.2E2BEFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:979-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.26 , bci/php-fpm:latest Container Release : 48.26 Severity : moderate Type : recommended References : 1229228 1233752 1234313 1234765 1236960 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - permissions-20240826-150600.10.18.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:52:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:52:35 +0100 (CET) Subject: SUSE-CU-2025:981-1: Recommended update of suse/postgres Message-ID: <20250217145235.936F3FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container 
Advisory ID : SUSE-CU-2025:981-1 Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-59.8 Container Release : 59.8 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 1236960 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:52:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:52:41 +0100 (CET) Subject: SUSE-CU-2025:982-1: Recommended update of suse/postgres Message-ID: <20250217145241.04308FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:982-1 Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-40.8 , suse/postgres:latest Container Release : 40.8 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 1236960 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:53:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 
15:53:12 +0100 (CET) Subject: SUSE-CU-2025:983-1: Security update of bci/python Message-ID: <20250217145312.099CBFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:983-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-61.24 Container Release : 61.24 Severity : moderate Type : security References : 1228165 1229228 1231472 1231795 1233752 1234313 1234765 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:551-1 Released: Fri Feb 14 16:09:46 2025 Summary: Security update for python311 Type: security Severity: moderate References: 1228165,1231795,1236705,CVE-2025-0938 This update for python311 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) Other fixes: - Update to version 3.11.11. - Remove -IVendor/ from python-config.
(bsc#1231795) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libpython3_11-1_0-3.11.11-150600.3.16.2 updated - python311-base-3.11.11-150600.3.16.2 updated - python311-3.11.11-150600.3.16.2 updated - libsystemd0-254.23-150600.4.25.1 updated - python311-devel-3.11.11-150600.3.16.2 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:53:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:53:38 +0100 (CET) Subject: SUSE-CU-2025:984-1: Security update of bci/python Message-ID: <20250217145338.6672AFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:984-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-61.26 , bci/python:latest Container Release : 61.26 Severity : important Type : security References : 1228165 1229228 1231472 1233752 1234290 1234313 1234765 1236705 CVE-2024-12254 CVE-2025-0938 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:521-1 Released: Thu Feb 13 17:10:49 2025 Summary: Security update for python312 Type: security Severity: important References: 1228165,1234290,1236705,CVE-2024-12254,CVE-2025-0938 This update for python312 fixes the following issues: - CVE-2025-0938: Functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets (bsc#1236705). - CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines() (bsc#1234290). Other bugfixes: - Position of SUSE Python interpreters on Externally managed environments (bsc#1228165). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libpython3_12-1_0-3.12.9-150600.3.18.1 updated - python312-base-3.12.9-150600.3.18.1 updated - python312-3.12.9-150600.3.18.1 updated - libsystemd0-254.23-150600.4.25.1 updated - python312-devel-3.12.9-150600.3.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:53:59
2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:53:59 +0100 (CET) Subject: SUSE-CU-2025:985-1: Security update of bci/python Message-ID: <20250217145359.A311BFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:985-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.25 Container Release : 60.25 Severity : moderate Type : security References : 1229228 1231472 1233752 1234313 1234765 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse.
(bsc#1236705) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - python3-devel-3.6.15-150300.10.81.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 14:54:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 15:54:46 +0100 (CET) Subject: SUSE-CU-2025:988-1: Security update of containers/apache-tomcat Message-ID: <20250217145446.D7373FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:988-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.23 Container Release : 62.23 Severity : important Type : security References : 1231472 1236878 1236960 CVE-2024-12133 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:01:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:01:54 +0100 (CET) Subject: SUSE-CU-2025:988-1: Security update of containers/apache-tomcat Message-ID: <20250217150154.9D695FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:988-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.23 Container Release : 62.23 Severity : important Type : security References : 1231472 1236878 1236960 CVE-2024-12133 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:02:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:02:06 +0100 (CET) Subject: SUSE-CU-2025:989-1: Security update of containers/apache-tomcat Message-ID: <20250217150206.CBEDBFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:989-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.23 Container Release : 62.23 Severity : important Type : security References : 1231472 1236878 1236960 CVE-2024-12133 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:02:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:02:20 +0100 (CET) Subject: SUSE-CU-2025:990-1: Security update of containers/apache-tomcat Message-ID: <20250217150220.7C1D8FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:990-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.23 Container Release : 62.23 Severity : important Type : security References : 1231472 1236878 1236960 CVE-2024-12133 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:02:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:02:31 +0100 (CET) Subject: SUSE-CU-2025:991-1: Security update of containers/apache-tomcat Message-ID: <20250217150231.82D22FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:991-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.24 Container Release : 62.24 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:02:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:02:42 +0100 (CET) Subject: SUSE-CU-2025:992-1: Security update of containers/apache-tomcat Message-ID: <20250217150242.CC6ECFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:992-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.24 Container Release : 62.24 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:02:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:02:54 +0100 (CET) Subject: SUSE-CU-2025:993-1: Security update of containers/apache-tomcat Message-ID: <20250217150254.095F3FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:993-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.24 Container Release : 62.24 Severity : important Type : security References : 1231472 1236878 1236960 CVE-2024-12133 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - permissions-20240826-150600.10.18.2 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:03:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:03:01 +0100 (CET) Subject: SUSE-CU-2025:994-1: Security update of containers/apache-tomcat Message-ID: <20250217150301.E38EFFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:994-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.24 Container Release : 62.24 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:03:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:03:08 +0100 (CET) Subject: SUSE-CU-2025:995-1: Security update of containers/python Message-ID: <20250217150308.E3BDCFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:995-1 Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-44.23 Container Release : 44.23 Severity : moderate Type : security References : 1228165 1229228 1231472 1231795 1233752 1234313 1234765 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:551-1 Released: Fri Feb 14 16:09:46 2025 Summary: Security update for python311 Type: security Severity: moderate References: 1228165,1231795,1236705,CVE-2025-0938 This update for python311 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) Other fixes: - Update to version 3.11.11. - Remove -IVendor/ from python-config.
(bsc#1231795) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libpython3_11-1_0-3.11.11-150600.3.16.2 updated - python311-base-3.11.11-150600.3.16.2 updated - python311-3.11.11-150600.3.16.2 updated - libsystemd0-254.23-150600.4.25.1 updated - python311-devel-3.11.11-150600.3.16.2 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:03:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:03:15 +0100 (CET) Subject: SUSE-CU-2025:996-1: Recommended update of containers/python Message-ID: <20250217150315.8404FFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:996-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.24 Container Release : 51.24 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:04:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:04:08 +0100 (CET) Subject: SUSE-CU-2025:998-1: Security update of suse/sle15 Message-ID: <20250217150408.5B9C6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:998-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.11 , suse/sle15:15.6 , suse/sle15:15.6.47.20.11 Container Release : 47.20.11 Severity : important Type : security References : 1229228 1233752 1234313 1234765 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container suse/sle15 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete.
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libudev1-254.23-150600.4.25.1 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:04:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:04:35 +0100 (CET) Subject: SUSE-CU-2025:999-1: Security update of bci/spack Message-ID: <20250217150435.0AE45FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:999-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-2.8 , bci/spack:latest Container Release : 2.8 Severity : moderate Type : security References : 1229228 1233752 1234313 1234765 1236705 1236960 CVE-2025-0938 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse.
(bsc#1236705) The following package changes have been done: - permissions-20240826-150600.10.18.2 updated - libsystemd0-254.23-150600.4.25.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:04:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:04:41 +0100 (CET) Subject: SUSE-CU-2025:1000-1: Security update of bci/bci-base-fips Message-ID: <20250217150441.46F96FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1000-1 Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-3.35 Container Release : 3.35 Severity : moderate Type : security References : 1236705 CVE-2025-0938 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - sles-release-15.7-150700.20.1 updated - python3-base-3.6.15-150300.10.81.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - container:sles15-image-15.7.0-4.2.19 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:04:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:04:45 +0100 (CET) Subject: SUSE-CU-2025:1001-1: Security update of bci/bci-init Message-ID: <20250217150445.422C0FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1001-1 Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-3.35 Container Release : 3.35 Severity : moderate Type : security References : 1229228 1233752 1234313 1234765 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. 
If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated - sles-release-15.7-150700.20.1 updated - permissions-20240826-150700.14.1 updated - libsystemd0-254.23-150600.4.25.1 updated - systemd-254.23-150600.4.25.1 updated - container:sles15-image-15.7.0-4.2.19 updated From sle-container-updates at lists.suse.com Mon Feb 17 15:04:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:04:49 +0100 (CET) Subject: SUSE-CU-2025:1002-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250217150449.5B60DFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1002-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.24 Container Release : 4.24 Severity : moderate Type : security References :
1236619 1236705 CVE-2025-0938 CVE-2025-24528 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated - sles-release-15.7-150700.20.1 updated - permissions-20240826-150700.14.1 updated - kernel-macros-6.4.0-150700.43.1 updated - libopenssl1_1-1.1.1w-150700.9.14 updated - kernel-devel-6.4.0-150700.43.1 updated - python3-base-3.6.15-150300.10.81.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - kernel-default-devel-6.4.0-150700.43.1 updated - kernel-syms-6.4.0-150700.43.1 updated - container:sles15-image-15.7.0-4.2.19 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:03:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:03:44 +0100 (CET) Subject: SUSE-IU-2025:628-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250218080344.D6DA8FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:628-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.144 , suse/sle-micro/base-5.5:latest Image Release : 5.8.144 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - glibc-locale-base-2.31-150300.92.1 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:04:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:04:16 +0100 (CET) Subject: SUSE-IU-2025:629-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250218080416.7019DFCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:629-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.278 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.278 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - glibc-locale-base-2.31-150300.92.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.144 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:05:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:05:03 +0100 (CET) Subject: SUSE-IU-2025:630-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250218080503.D13E8FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:630-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.320 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.320 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - glibc-locale-base-2.31-150300.92.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.243 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:06:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:06:01 +0100 (CET) Subject: SUSE-IU-2025:631-1: Security update of suse/sle-micro/5.5 Message-ID: <20250218080601.D6EA2FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:631-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.243 , suse/sle-micro/5.5:latest Image Release : 5.5.243 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - glibc-locale-base-2.31-150300.92.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.144 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:12:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:12:02 +0100 (CET) Subject: SUSE-CU-2025:1006-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250218081202.45C95FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1006-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.88 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.88 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-locale-base-2.31-150300.92.1 updated - glibc-locale-2.31-150300.92.1 updated - glibc-2.31-150300.92.1 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:16:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:16:02 +0100 (CET) Subject: SUSE-CU-2025:1008-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250218081602.4389DFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1008-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.88 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.88 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-locale-base-2.31-150300.92.1 updated - glibc-locale-2.31-150300.92.1 updated - glibc-2.31-150300.92.1 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:17:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:17:33 +0100 (CET) Subject: SUSE-CU-2025:1009-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250218081733.7D8B9FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1009-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.5.137 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.137 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-locale-base-2.31-150300.92.1 updated - glibc-locale-2.31-150300.92.1 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:18:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:18:07 +0100 (CET) Subject: SUSE-CU-2025:1010-1: Security update of suse/ltss/sle15.3/bci-base-fips Message-ID: <20250218081807.C90D0FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1010-1 Container Tags : suse/ltss/sle15.3/bci-base-fips:15.3 , suse/ltss/sle15.3/bci-base-fips:15.3-9.19 , suse/ltss/sle15.3/bci-base-fips:latest Container Release : 9.19 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/ltss/sle15.3/bci-base-fips was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - container:sles15-ltss-image-15.3.0-2.44 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:18:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:18:51 +0100 (CET) Subject: SUSE-CU-2025:1011-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250218081851.5FDB6FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1011-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.44 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.44 , suse/ltss/sle15.3/sle15:latest Container Release : 2.44 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:19:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:19:16 +0100 (CET) Subject: SUSE-CU-2025:1012-1: Security update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20250218081916.F2876FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1012-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.5.26 , suse/ltss/sle15.4/bci-base-fips:latest Container Release : 5.26 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - container:sles15-ltss-image-15.4.0-2.24 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:20:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:20:03 +0100 (CET) Subject: SUSE-CU-2025:1013-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250218082003.8153DFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1013-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.24 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.24 , suse/ltss/sle15.4/sle15:latest Container Release : 2.24 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:23:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:23:05 +0100 (CET) Subject: SUSE-CU-2025:1014-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250218082305.10970FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1014-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.14 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.14 , suse/ltss/sle15.5/sle15:latest Container Release : 4.14 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:29:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:29:04 +0100 (CET) Subject: SUSE-CU-2025:1027-1: Security update of bci/kiwi Message-ID: <20250218082904.3976FFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1027-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-21.10 , bci/kiwi:latest Container Release : 21.10 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libudev1-254.23-150600.4.25.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:30:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:30:29 +0100 (CET) Subject: SUSE-CU-2025:1030-1: Recommended update of bci/openjdk-devel Message-ID: <20250218083029.D3AB4FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1030-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.1 , bci/openjdk-devel:latest Container Release : 33.1 Severity : moderate Type : recommended References : 1231472 1236960 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated - container:bci-openjdk-21-803c51aa1a375927d0810f2f4922a905856a45bd1fa39a3203f98fd4d40b78c3-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:31:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:31:10 +0100 (CET) Subject: SUSE-CU-2025:1031-1: Security update of bci/openjdk Message-ID: <20250218083110.74FB0FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1031-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.1 , bci/openjdk:latest Container Release : 33.1 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:31:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:31:41 +0100 (CET) Subject: SUSE-CU-2025:1032-1: Recommended update of suse/pcp Message-ID: <20250218083141.3302DFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1032-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.26 , suse/pcp:latest Container Release : 42.26 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 1236960 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated - libsystemd0-254.23-150600.4.25.1 updated - systemd-254.23-150600.4.25.1 updated - container:bci-bci-init-15.6-b0d4c27d25ece53d413e14060a153d4fd5442ca583b362bd8db49596846b8987-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:32:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:32:19 +0100 (CET) Subject: SUSE-CU-2025:1033-1: Security update of bci/php-apache Message-ID: <20250218083219.1A047FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1033-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.28 , bci/php-apache:latest Container Release : 48.28 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:32:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:32:56 +0100 (CET) Subject: SUSE-CU-2025:1034-1: Security update of bci/php-fpm Message-ID: <20250218083256.9F0EAFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1034-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.28 , bci/php-fpm:latest Container Release : 48.28 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:33:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:33:29 +0100 (CET) Subject: SUSE-CU-2025:1035-1: Security update of bci/php Message-ID: <20250218083329.71019FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1035-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.23 , bci/php:latest Container Release : 48.23 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:34:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:34:58 +0100 (CET) Subject: SUSE-CU-2025:1038-1: Security update of bci/python Message-ID: <20250218083458.6ACC3FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1038-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-61.26 Container Release : 61.26 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 08:35:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 09:35:45 +0100 (CET) Subject: SUSE-CU-2025:1039-1: Security update of bci/python Message-ID: <20250218083545.37165FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1039-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-62.1 , bci/python:latest Container Release : 62.1 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 12:54:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 13:54:20 +0100 (CET) Subject: SUSE-CU-2025:1040-1: Recommended update of containers/milvus Message-ID: <20250218125420.CAA84FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1040-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.38 Container Release : 7.38 Severity : moderate Type : recommended References : 1229228 1233752 1234313 1234765 ----------------------------------------------------------------- The container containers/milvus was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - boost-license1_86_0-1.86.0-150600.1.5 updated - libaws-c-common1-0.9.28-150600.1.7 updated - libfmt9-9.1.0-150600.1.7 updated - libgflags2_2-2.2.2-150600.1.7 updated - libopentracing-cpp1-1.6.0-150600.1.7 updated - libsimdjson22-v3.9.5-150600.1.7 updated - libtbb12-2021.13.0-150600.1.6 updated - liburing2-2.6-150600.1.7 updated - libzstd1-1.5.6-150600.1.6 updated - minio-client-20241008T093726Z-150600.1.10 updated - libboost_program_options1_86_0-1.86.0-150600.1.5 updated - libboost_filesystem1_86_0-1.86.0-150600.1.5 updated - libboost_context1_86_0-1.86.0-150600.1.5 updated - libaws-checksums1-0.1.20-150600.1.8 updated - libaws-c-sdkutils1_0_0-0.1.19-150600.1.7 updated - libaws-c-compression1_0_0-0.2.18-150600.1.6 updated - libglog-4-0-0.4.0-150600.1.7 updated - libprotobuf3_21_12-21.12-150600.1.8 updated - libprotobuf25_5_0-25.5-150600.2.32 updated - librocksdb6-6.29.5-150600.2.6 updated - libsystemd0-254.23-150600.4.25.1 updated - libthrift-0_17_0-0.17.0-150600.1.8 updated - libs2n0unstable-1.5.1-150600.1.7 updated - 
libaws-c-cal0unstable-0.7.4-150600.1.6 updated - libfolly0-2023.10.30.00-150600.1.6 updated - libaws-c-io0unstable-0.14.18-150600.1.6 updated - libarrow1700-17.0.0-150600.2.8 updated - libaws-c-http1_0_0-0.8.10-150600.1.7 updated - libaws-c-event-stream1-0.4.2-150600.1.6 updated - libparquet1700-17.0.0-150600.2.8 updated - libaws-c-mqtt1_0_0-0.10.6-150600.1.7 updated - libaws-c-auth1_0_0-0.7.31-150600.1.6 updated - librdkafka1-2.3.0-150600.1.5 updated - libprometheus-cpp0_13-0.13.0-150600.1.7 updated - libaws-c-s3-0unstable-0.6.6-150600.1.7 updated - lib-opentelemetry-cpp1_9_1-1.9.1-150600.1.6 updated - libaws-crt-cpp1-0.28.3-150600.1.7 updated - aws-sdk-cpp-libs-1.11.412-150600.1.6 updated - milvus-cppcpu-2.4.6-150600.1.7 updated - milvus-2.4.6-150600.1.12 updated From sle-container-updates at lists.suse.com Tue Feb 18 12:55:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 13:55:29 +0100 (CET) Subject: SUSE-CU-2025:1041-1: Recommended update of containers/ollama Message-ID: <20250218125529.36C05FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1041-1 Container Tags : containers/ollama:0.5 , containers/ollama:0.5.7 , containers/ollama:0.5.7-6.9 Container Release : 6.9 Severity : moderate Type : recommended References : 1231472 1236960 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. 
- Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). The following package changes have been done: - cuda-cccl-12-5-12.5.39-150600.2.1 updated - cuda-crt-12-5-12.5.82-150600.2.1 updated - cuda-nvvm-12-5-12.5.82-150600.2.1 updated - cuda-toolkit-12-5-config-common-12.5.82-150600.2.1 updated - cuda-toolkit-12-config-common-12.5.82-150600.2.1 updated - cuda-toolkit-config-common-12.5.82-150600.2.1 updated - findutils-4.8.0-150300.3.3.2 updated - pkg-config-0.29.2-1.436 added - libcublas-12-5-12.5.3.2-150600.1.8 updated - cuda-cudart-12-5-12.5.82-150600.2.1 updated - cuda-driver-devel-12-5-12.5.82-150600.1.9 added - permissions-20240826-150600.10.18.2 updated - ollama-nvidia-0.5.7-150600.1.1 updated - container:registry.suse.com-bci-bci-base-15.6-adc24c50f11083b971c80f30cbff133db5687808c68fa732191385119edde2a9-0 updated - container:registry.suse.com-bci-bci-micro-15.6-adc24c50f11083b971c80f30cbff133db5687808c68fa732191385119edde2a9-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 12:56:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 13:56:37 +0100 (CET) Subject: SUSE-CU-2025:1042-1: Security update of containers/open-webui Message-ID: <20250218125637.BED42FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1042-1 Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.29 Container Release : 7.29 Severity : important Type : security 
References : 1228165 1229228 1231472 1231795 1233752 1234313 1234765 1236705 1236878 1236960 CVE-2024-12133 CVE-2025-0938 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:551-1 Released: Fri Feb 14 16:09:46 2025 Summary: Security update for python311 Type: security Severity: moderate References: 1228165,1231795,1236705,CVE-2025-0938 This update for python311 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) Other fixes: - Update to version 3.11.11. - Remove -IVendor/ from python-config. 
(bsc#1231795) The following package changes have been done: - python311-rank-bm25-0.2.2-150600.1.6 updated - libudev1-254.23-150600.4.25.1 updated - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libgflags2_2-2.2.2-150600.1.7 updated - libtbb12-2021.13.0-150600.1.6 updated - libthrift-0_17_0-0.17.0-150600.1.8 updated - opencv4-cascades-data-4.10.0-150600.1.12 updated - libprotobuf25_5_0-25.5-150600.2.32 updated - libpython3_11-1_0-3.11.11-150600.3.16.2 updated - python311-base-3.11.11-150600.3.16.2 updated - python311-3.11.11-150600.3.16.2 updated - libglog-4-0-0.4.0-150600.1.7 updated - libsystemd0-254.23-150600.4.25.1 updated - python311-xlrd-2.0.1-150600.1.8 updated - python311-wrapt-1.16.0-150600.1.8 updated - python311-validators-0.34.0-150600.1.8 updated - python311-uritemplate-4.1.1-150600.1.6 updated - python311-tzdata-2024.1-150600.1.7 updated - python311-typing_extensions-4.12.2-150600.1.7 updated - python311-tqdm-4.66.4-150600.1.8 updated - python311-threadpoolctl-3.5.0-150600.1.5 updated - python311-tenacity-9.0.0-150600.1.6 updated - python311-sniffio-1.3.1-150600.1.8 updated - python311-six-1.16.0-150600.1.8 updated - python311-setuptools-72.1.0-150600.1.6 updated - python311-safetensors-0.4.3-150600.1.10 updated - python311-regex-2024.5.15-150600.1.8 updated - python311-red-black-tree-mod-1.22-150600.1.8 updated - python311-rapidocr-onnxruntime-1.3.24-150600.1.6 updated - python311-pyxlsb-1.0.10-150600.1.8 updated - python311-pytube-15.0.0-150600.1.8 updated - python311-python-iso639-2024.4.27-150600.1.7 updated - python311-pypdf-4.3.1-150600.1.6 updated - python311-pymongo-4.6.3-150600.1.9 updated - python311-psycopg2-2.9.9-150600.1.11 updated - python311-protobuf-4.25.5-150600.2.32 updated - python311-primp-0.6.3-150600.1.9 updated - python311-pluggy-1.5.0-150600.1.8 updated - python311-peewee-3.17.6-150600.1.8 updated - 
python311-packaging-24.1-150600.1.6 updated - python311-overrides-7.7.0-150600.1.8 updated - python311-orjson-3.10.7-150600.1.11 updated - python311-onnxruntime-1.19.2-150600.1.6 updated - python311-olefile-0.47-150600.1.8 updated - python311-nest-asyncio-1.6.0-150600.1.7 updated - python311-monotonic-1.6-150600.1.6 updated - python311-mmh3-4.1.0-150600.1.8 updated - python311-langsmith-0.1.52-150600.1.7 updated - python311-langfuse-2.44.0-150600.1.7 updated - python311-langchain-chroma-0.1.4-150600.1.7 updated - python311-jsonpath-python-1.0.6-150600.1.8 updated - python311-jiter-0.5.0-150600.1.9 updated - python311-jdcal-1.4.1-150600.1.7 updated - python311-importlib-resources-6.1.1-150600.1.8 updated - python311-idna-3.8-150600.1.7 updated - python311-greenlet-3.1.0-150600.1.10 updated - python311-filetype-1.2.0-150600.1.6 updated - python311-emoji-2.13.2-150600.1.8 updated - python311-einops-0.8.0-150600.1.5 updated - python311-ebcdic-1.1.1-150600.1.7 updated - python311-easygui-0.98.3-150600.1.6 updated - python311-docx2txt-0.8-150600.1.8 updated - python311-django-cache-url-3.4.5-150600.1.8 updated - python311-dj-email-url-1.0.6-150600.1.6 updated - python311-distro-1.9.0-150600.1.8 updated - python311-dill-0.3.8-150600.1.9 updated - python311-defusedxml-0.7.1-150600.1.7 updated - python311-compressed_rtf-1.0.6-150600.1.7 updated - python311-colorclass-2.2.2-150600.1.7 updated - python311-click-8.1.7-150600.1.8 updated - python311-charset-normalizer-3.3.2-150600.1.8 updated - python311-certifi-2024.7.4-150600.1.21 updated - python311-cchardet-2.1.19-150600.1.18 updated - python311-bitarray-2.9.2-150600.1.8 updated - python311-bcrypt-4.2.0-150600.1.10 updated - python311-backoff-2.2.1-150600.1.7 updated - python311-appdirs-1.4.4-150600.1.6 updated - python311-annotated-types-0.7.0-150600.1.7 updated - python311-aiohappyeyeballs-2.3.7-150600.1.7 updated - python311-XlsxWriter-3.2.0-150600.1.7 updated - python311-PyYAML-6.0.1-150600.1.8 updated - 
python311-PyPika-0.48.9-150600.1.8 updated - python311-pypandoc-1.14-150600.1.6 updated - python311-importlib-metadata-7.1.0-150600.1.8 updated - python311-ftfy-6.0.3-150600.1.7 updated - python311-pydantic-core-2.23.4-150600.1.8 updated - python311-asgiref-3.8.1-150600.1.7 updated - python311-lark-1.1.9-150600.1.7 updated - python311-cffi-1.17.0-150600.1.8 updated - python311-proto-plus-1.24.0-150600.1.7 updated - python311-opentelemetry-proto-1.27.0-150600.1.6 updated - python311-Pillow-10.4.0-150600.1.8 updated - python311-typing-inspect-0.9.0-150600.1.8 updated - python311-jsonpatch-1.33-150600.1.7 updated - python311-fake-useragent-1.5.1-150600.1.6 updated - python311-yarl-1.13.1-150600.1.7 updated - python311-anyio-4.4.0-150600.1.8 updated - python311-SQLAlchemy-2.0.32-150600.1.9 updated - python311-multiprocess-0.70.16-150600.1.6 updated - python311-python-oxmsg-0.0.1-150600.1.6 updated - python311-peewee-migrate-1.13.0-150600.1.7 updated - python311-pytest-8.3.2-150600.1.8 updated - python311-redis-5.0.8-150600.1.7 updated - python311-uvicorn-0.30.6-150600.1.7 updated - python311-Werkzeug-3.0.4-150600.1.7 updated - python311-grpcio-1.65.0-150600.1.7 updated - libarrow1700-17.0.0-150600.2.8 updated - python311-mpmath-1.3.0-150600.1.8 updated - libctranslate2-4-4.4.0-150600.1.6 updated - python311-build-1.2.1-150600.1.7 updated - python311-Markdown-3.7-150600.1.8 updated - python311-opentelemetry-api-1.27.0-150600.1.6 updated - python311-pydantic-2.9.2-150600.1.6 updated - python311-cryptography-43.0.1-150600.1.12 updated - python311-opentelemetry-exporter-otlp-proto-common-1.27.0-150600.1.6 updated - python311-rich-13.7.1-150600.1.7 updated - python311-starlette-0.38.5-150600.1.6 updated - python311-httpcore-1.0.5-150600.1.6 updated - python311-aiohttp-3.10.8-150600.1.7 updated - python311-python-pptx-1.0.2-150600.1.5 updated - python311-et_xmlfile-1.0.1-150600.1.7 updated - python311-beautifulsoup4-4.12.3-150600.1.6 updated - 
python311-pytest-docker-3.1.1-150600.1.7 updated - python311-duckduckgo-search-6.2.13-150600.1.6 updated - python311-APScheduler-3.10.4-150600.1.8 updated - python311-alembic-1.13.2-150600.1.6 updated - python311-Flask-3.0.3-150600.1.6 updated - python311-googleapis-common-protos-1.63.2-150600.1.7 updated - libparquet1700-17.0.0-150600.2.8 updated - libarrow_acero1700-17.0.0-150600.2.8 updated - python311-psutil-6.0.0-150600.1.9 updated - python311-python-jose-3.3.0-150600.1.7 updated - python311-ctranslate2-4.4.0-150600.1.8 updated - python311-numpy1-1.26.4-150600.1.19 updated - python311-opentelemetry-semantic-conventions-0.48b0-150600.1.6 updated - python311-opentelemetry-instrumentation-0.48b0-150600.1.6 updated - python311-langchain-core-0.2.38-150600.1.7 updated - python311-dataclasses-json-0.6.7-150600.1.7 updated - python311-pyOpenSSL-24.2.1-150600.1.6 updated - python311-msoffcrypto-tool-4.10.2-150600.1.7 updated - python311-PyMySQL-1.1.1-150600.1.7 updated - python311-PyJWT-2.9.0-150600.1.7 updated - python311-argon2-cffi-23.1.0-150600.1.5 updated - python311-typer-slim-0.12.5-150600.1.7 updated - python311-fastapi-0.114.2-150600.1.7 updated - python311-httpx-0.27.2-150600.1.6 updated - python311-black-24.8.0-150600.1.6 updated - python311-openpyxl-3.1.5-150600.1.6 updated - python311-Flask-Cors-5.0.0-150600.1.6 updated - python311-grpcio-status-1.62.2-150600.1.8 updated - libarrow_flight1700-17.0.0-150600.2.8 updated - libarrow_dataset1700-17.0.0-150600.2.8 updated - python311-sympy-1.12.1-150600.1.7 updated - python311-scipy-1.14.1-150600.1.15 updated - python311-pandas-2.2.3-150600.1.20 updated - python311-joblib-1.4.2-150600.1.7 updated - python311-chroma-hnswlib-0.7.6-150600.2.5 updated - python311-opentelemetry-sdk-1.27.0-150600.1.6 updated - python311-langchain-text_splitters-0.2.16-150600.1.6 updated - python311-oletools-0.60.2-150600.1.6 updated - python311-Django-5.1.1-150600.1.7 updated - python311-typer-0.12.5-150600.1.7 updated - 
python311-openai-1.40.8-150600.1.7 updated - python311-pyarrow-17.0.0-150600.2.20 updated - python311-FontTools-4.53.1-150600.1.8 updated - python311-scikit-learn-1.5.1-150600.1.17 updated - python311-opentelemetry-util-http-0.48b0-150600.1.5 updated - python311-opentelemetry-exporter-otlp-proto-grpc-1.27.0-150600.1.7 updated - python311-requests-2.32.3-150600.1.7 updated - python311-RTFDE-0.1.1-150600.1.6 updated - python311-dj-database-url-2.3.0-150600.1.7 updated - python311-fpdf2-2.7.9-150600.1.7 updated - libopencv410-4.10.0-150600.1.12 updated - python311-opentelemetry-instrumentation-asgi-0.48b0-150600.1.5 updated - python311-youtube-transcript-api-0.6.2-150600.1.6 updated - python311-tiktoken-0.7.0-150600.1.9 updated - python311-python-engineio-4.8.0-150600.1.7 updated - python311-posthog-3.6.0-150600.1.7 updated - python311-nltk-3.9.1-150600.1.7 updated - python311-google-auth-2.34.0-150600.1.7 updated - python311-fsspec-2024.3.1-150600.1.8 updated - python311-docker-7.1.0-150600.1.6 updated - python311-botocore-1.35.21-150600.1.8 updated - python311-extract-msg-0.49.0-150600.1.6 updated - python311-environs-11.0.0-150600.1.7 updated - libopencv_objdetect410-4.10.0-150600.1.12 updated - libopencv_imgcodecs410-4.10.0-150600.1.12 updated - python311-opentelemetry-instrumentation-fastapi-0.48b0-150600.1.6 updated - python311-unstructured-client-0.25.9-150600.1.7 updated - python311-langchain-community-0.2.12-150600.1.7 updated - python311-langchain-0.2.16-150600.1.6 updated - python311-python-socketio-5.11.4-150600.1.7 updated - python311-kubernetes-28.1.0-150600.1.6 updated - python311-google-auth-httplib2-0.2.0-150600.1.7 updated - python311-google-api-core-2.19.2-150600.1.7 updated - python311-huggingface-hub-0.23.4-150600.1.7 updated - python311-pymilvus-2.4.7-150600.1.8 updated - libopencv_face410-4.10.0-150600.1.12 updated - libopencv_aruco410-4.10.0-150600.1.12 updated - libopencv_ximgproc410-4.10.0-150600.1.12 updated - 
python311-google-api-python-client-2.143.0-150600.1.7 updated - python311-google-ai-generativelanguage-0.6.10-150600.1.7 updated - python311-tokenizers-0.20.0-150600.1.9 updated - python311-boto3-1.35.21-150600.1.7 updated - python311-av-11.0.0-150600.1.8 updated - libopencv_optflow410-4.10.0-150600.1.12 updated - libopencv_highgui410-4.10.0-150600.1.12 updated - python311-google-generativeai-0.8.2-150600.1.7 updated - python311-chromadb-0.5.9-150600.1.7 updated - python311-anthropic-0.33.1-150600.1.7 updated - python311-faster_whisper-1.0.3-150600.1.8 updated - python311-pydub-0.25.1-150600.1.7 updated - libopencv_gapi410-4.10.0-150600.1.12 updated - libopencv_videoio410-4.10.0-150600.1.12 updated - python311-torch-2.3.1-150600.1.8 updated - python311-opencv-4.10.0-150600.1.12 updated - python311-datasets-3.0.1-150600.1.7 updated - python311-transformers-4.44.2-150600.1.6 updated - python311-unstructured-0.15.9-150600.1.7 updated - python311-sentence-transformers-3.0.1-150600.1.7 updated - python311-colbert-ai-0.2.21-150600.1.7 updated - python311-open-webui-0.3.32-150600.1.49 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:01:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:01:17 +0100 (CET) Subject: SUSE-CU-2025:1044-1: Recommended update of bci/golang Message-ID: <20250218130117.E60F1FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1044-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.0 , bci/golang:1.24.0-1.34.5 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.5 Container Release : 34.5 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 1236217 
----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:509-1 Released: Thu Feb 13 12:32:59 2025 Summary: Recommended update for go1.24 Type: recommended Severity: moderate References: 1236217 This update for go1.24 fixes the following issues: go1.24 (released 2025-02-11) is a major release of Go. go1.24.x minor releases will be provided through February 2026. https://github.com/golang/go/wiki/Go-Release-Cycle go1.24 arrives six months after Go 1.23. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (boo#1236217) * Language change: Go 1.24 now fully supports generic type aliases: a type alias may be parameterized like a defined type. See the language spec for details. For now, the feature can be disabled by setting GOEXPERIMENT=noaliastypeparams; but the aliastypeparams setting will be removed for Go 1.25. * go command: Go modules can now track executable dependencies using tool directives in go.mod. This removes the need for the previous workaround of adding tools as blank imports to a file conventionally named 'tools.go'. The go tool command can now run these tools in addition to tools shipped with the Go distribution. 
* go command: The new -tool flag for go get causes a tool directive to be added to the current module for named packages in addition to adding require directives.
* go command: The new tool meta-pattern refers to all tools in the current module. This can be used to upgrade them all with go get tool or to install them into your GOBIN directory with go install tool.
* go command: Executables created by go run and the new behavior of go tool are now cached in the Go build cache. This makes repeated executions faster at the expense of making the cache larger. See go#69290.
* go command: The go build and go install commands now accept a -json flag that reports build output and failures as structured JSON output on standard output. For details of the reporting format, see go help buildjson. Furthermore, go test -json now reports build output and failures in JSON, interleaved with test result JSON. These are distinguished by new Action types, but if they cause problems in a test integration system, you can revert to the text build output with GODEBUG setting gotestjsonbuildtext=1.
* go command: The new GOAUTH environment variable provides a flexible way to authenticate private module fetches. See go help goauth for more information.
* go command: The go build command now sets the main module's version in the compiled binary based on the version control system tag and/or commit. A +dirty suffix will be appended if there are uncommitted changes. Use the -buildvcs=false flag to omit version control information from the binary.
* go command: The new GODEBUG setting toolchaintrace=1 can be used to trace the go command's toolchain selection process.
* cgo: cgo supports new annotations for C functions to improve run time performance. cgo noescape cFunctionName tells the compiler that memory passed to the C function cFunctionName does not escape. cgo nocallback cFunctionName tells the compiler that the C function cFunctionName does not call back to any Go functions.
* cgo: cgo currently refuses to compile calls to a C function which has multiple incompatible declarations. For instance, if f is declared as both void f(int) and void f(double), cgo will report an error instead of possibly generating an incorrect call sequence for f(0). New in this release is a better detector for this error condition when the incompatible declarations appear in different files. See go#67699.
* objdump: The objdump tool now supports disassembly on 64-bit LoongArch (GOARCH=loong64), RISC-V (GOARCH=riscv64), and S390X (GOARCH=s390x).
* vet: The new tests analyzer reports common mistakes in declarations of tests, fuzzers, benchmarks, and examples in test packages, such as malformed names, incorrect signatures, or examples that document non-existent identifiers. Some of these mistakes may cause tests not to run. This analyzer is among the subset of analyzers that are run by go test.
* vet: The existing printf analyzer now reports a diagnostic for calls of the form fmt.Printf(s), where s is a non-constant format string, with no other arguments. Such calls are nearly always a mistake as the value of s may contain the % symbol; use fmt.Print instead. See go#60529. This check tends to produce findings in existing code, and so is only applied when the language version (as specified by the go.mod go directive or //go:build comments) is at least Go 1.24, to avoid causing continuous integration failures when updating to the 1.24 Go toolchain.
* vet: The existing buildtag analyzer now reports a diagnostic when there is an invalid Go major version build constraint within a //go:build directive. For example, //go:build go1.23.1 refers to a point release; use //go:build go1.23 instead. See go#64127.
* vet: The existing copylock analyzer now reports a diagnostic when a variable declared in a 3-clause 'for' loop such as for i := iter(); done(i); i = next(i) { ... } contains a sync.Locker, such as a sync.Mutex.
  Go 1.22 changed the behavior of these loops to create a new variable for each iteration, copying the value from the previous iteration; this copy operation is not safe for locks. See go#66387.
* GOCACHEPROG: The cmd/go internal binary and test caching mechanism can now be implemented by child processes implementing a JSON protocol between the cmd/go tool and the child process named by the GOCACHEPROG environment variable. This was previously behind a GOEXPERIMENT. For protocol details, see the documentation.
* Runtime: Several performance improvements to the runtime have decreased CPU overheads by 2-3% on average across a suite of representative benchmarks. Results may vary by application. These improvements include a new builtin map implementation based on Swiss Tables, more efficient memory allocation of small objects, and a new runtime-internal mutex implementation.
* Runtime: The new builtin map implementation and new runtime-internal mutex may be disabled by setting GOEXPERIMENT=noswissmap and GOEXPERIMENT=nospinbitmutex at build time respectively.
* Compiler: The compiler already disallowed defining new methods with receiver types that were cgo-generated, but it was possible to circumvent that restriction via an alias type. Go 1.24 now always reports an error if a receiver denotes a cgo-generated type, whether directly or indirectly (through an alias type).
* Linker: The linker now generates a GNU build ID (the ELF NT_GNU_BUILD_ID note) on ELF platforms and a UUID (the Mach-O LC_UUID load command) on macOS by default. The build ID or UUID is derived from the Go build ID. It can be disabled by the -B none linker flag, or overridden by the -B 0xNNNN linker flag with a user-specified hexadecimal value.
* Bootstrap: As mentioned in the Go 1.22 release notes, Go 1.24 now requires Go 1.22.6 or later for bootstrap. We expect that Go 1.26 will require a point release of Go 1.24 or later for bootstrap.
* Standard library: Directory-limited filesystem access: The new os.Root type provides the ability to perform filesystem operations within a specific directory. The os.OpenRoot function opens a directory and returns an os.Root. Methods on os.Root operate within the directory and do not permit paths that refer to locations outside the directory, including ones that follow symbolic links out of the directory. The methods on os.Root mirror most of the file system operations available in the os package, including for example os.Root.Open, os.Root.Create, os.Root.Mkdir, and os.Root.Stat.
* Standard library: new benchmark function: Benchmarks may now use the faster and less error-prone testing.B.Loop method to perform benchmark iterations like for b.Loop() { ... } in place of the typical loop structures involving b.N like for range b.N. This offers two significant advantages: 1) The benchmark function will execute exactly once per -count, so expensive setup and cleanup steps execute only once, and 2) Function call parameters and results are kept alive, preventing the compiler from fully optimizing away the loop body.
* Standard library: Improved finalizers: The new runtime.AddCleanup function is a finalization mechanism that is more flexible, more efficient, and less error-prone than runtime.SetFinalizer. AddCleanup attaches a cleanup function to an object that will run once the object is no longer reachable. However, unlike SetFinalizer, multiple cleanups may be attached to a single object, cleanups may be attached to interior pointers, cleanups do not generally cause leaks when objects form a cycle, and cleanups do not delay the freeing of an object or objects it points to. New code should prefer AddCleanup over SetFinalizer.
* Standard library: New weak package: The new weak package provides weak pointers.
  Weak pointers are a low-level primitive provided to enable the creation of memory-efficient structures, such as weak maps for associating values, canonicalization maps for anything not covered by package unique, and various kinds of caches. For supporting these use-cases, this release also provides runtime.AddCleanup and maphash.Comparable.
* Standard library: New crypto/mlkem package: The new crypto/mlkem package implements ML-KEM-768 and ML-KEM-1024. ML-KEM is a post-quantum key exchange mechanism formerly known as Kyber and specified in FIPS 203.
* Standard library: New crypto/hkdf, crypto/pbkdf2, and crypto/sha3 packages: The new crypto/hkdf package implements the HMAC-based Extract-and-Expand key derivation function HKDF, as defined in RFC 5869. The new crypto/pbkdf2 package implements the password-based key derivation function PBKDF2, as defined in RFC 8018. The new crypto/sha3 package implements the SHA-3 hash function and SHAKE and cSHAKE extendable-output functions, as defined in FIPS 202. All three packages are based on pre-existing golang.org/x/crypto/... packages.
* FIPS: release includes a new set of mechanisms to facilitate FIPS 140-3 compliance. See https://go.dev/doc/security/fips140
  The Go Cryptographic Module is a set of internal standard library packages that are transparently used to implement FIPS 140-3 approved algorithms. Applications require no changes to use the Go Cryptographic Module for approved algorithms.
* FIPS: The new GOFIPS140 environment variable can be used to select the Go Cryptographic Module version to use in a build. The new fips140 GODEBUG setting can be used to enable FIPS 140-3 mode at runtime.
* FIPS: Go 1.24 includes Go Cryptographic Module version v1.0.0, which is currently under test with a CMVP-accredited laboratory.
* Standard library: New experimental testing/synctest package: The new experimental testing/synctest package provides support for testing concurrent code.
  The synctest.Run function starts a group of goroutines in an isolated 'bubble'. Within the bubble, time package functions operate on a fake clock. The synctest.Wait function waits for all goroutines in the current bubble to block. The synctest package is experimental and must be enabled by setting GOEXPERIMENT=synctest at build time. The package API is subject to change in future releases. See issue go#67434 for more information and to provide feedback.
* archive: The (*Writer).AddFS implementations in both archive/zip and archive/tar now write a directory header for an empty directory.
* bytes: The bytes package adds several functions that work with iterators.
* bytes: Lines returns an iterator over the newline-terminated lines in a byte slice.
* bytes: SplitSeq returns an iterator over all subslices of a byte slice split around a separator.
* bytes: SplitAfterSeq returns an iterator over subslices of a byte slice split after each instance of a separator.
* bytes: FieldsSeq returns an iterator over subslices of a byte slice split around runs of whitespace characters, as defined by unicode.IsSpace.
* bytes: FieldsFuncSeq returns an iterator over subslices of a byte slice split around runs of Unicode code points satisfying a predicate.
* crypto/aes: The value returned by NewCipher no longer implements the NewCTR, NewGCM, NewCBCEncrypter, and NewCBCDecrypter methods. These methods were undocumented and not available on all architectures. Instead, the Block value should be passed directly to the relevant crypto/cipher functions. For now, crypto/cipher still checks for those methods on Block values, even if they are not used by the standard library anymore.
* crypto/aes: The Stream implementation returned by NewCTR when used with crypto/aes is now several times faster on amd64 and arm64.
* crypto/cipher: The new NewGCMWithRandomNonce function returns an AEAD that implements AES-GCM by generating a random nonce during Seal and prepending it to the ciphertext.
* crypto/cipher: NewOFB, NewCFBEncrypter, and NewCFBDecrypter are now deprecated. OFB and CFB mode are not authenticated, which generally enables active attacks to manipulate and recover the plaintext. It is recommended that applications use AEAD modes instead. If an unauthenticated Stream mode is required, use NewCTR instead.
* crypto/ecdsa: PrivateKey.Sign now produces a deterministic signature according to RFC 6979 if the random source is nil.
* crypto/md5: The value returned by md5.New now also implements the encoding.BinaryAppender interface.
* crypto/rand: The Read function is now guaranteed not to fail. It will always return nil as the error result. If Read were to encounter an error while reading from Reader, the program will irrecoverably crash. Note that the platform APIs used by the default Reader are documented to always succeed, so this change should only affect programs that override the Reader variable. One exception are Linux kernels before version 3.17, where the default Reader still opens /dev/urandom and may fail.
* crypto/rand: On Linux 6.11 and later, Reader now uses the getrandom system call via vDSO. This is several times faster, especially for small reads.
* crypto/rand: On OpenBSD, Reader now uses arc4random_buf(3).
* crypto/rand: The new Text function can be used to generate cryptographically secure random text strings.
* crypto/rsa: GenerateKey now returns an error if a key of less than 1024 bits is requested. All Sign, Verify, Encrypt, and Decrypt methods now return an error if used with a key smaller than 1024 bits. Such keys are insecure and should not be used. GODEBUG setting rsa1024min=0 restores the old behavior, but we recommend doing so only if necessary and only in tests, for example by adding a //go:debug rsa1024min=0 line to a test file. A new GenerateKey example provides an easy-to-use standard 2048-bit test key.
* crypto/rsa: It is now safe and more efficient to call PrivateKey.Precompute before PrivateKey.Validate.
  Precompute is now faster in the presence of partially filled out PrecomputedValues, such as when unmarshaling a key from JSON.
* crypto/rsa: The package now rejects more invalid keys, even when Validate is not called, and GenerateKey may return new errors for broken random sources. The Primes and Precomputed fields of PrivateKey are now used and validated even when some values are missing. See also the changes to crypto/x509 parsing and marshaling of RSA keys described below.
* crypto/rsa: SignPKCS1v15 and VerifyPKCS1v15 now support SHA-512/224, SHA-512/256, and SHA-3.
* crypto/rsa: GenerateKey now uses a slightly different method to generate the private exponent (Carmichael's totient instead of Euler's totient). Rare applications that externally regenerate keys from only the prime factors may produce different but compatible results.
* crypto/rsa: Public and private key operations are now up to two times faster on wasm.
* crypto/sha1: The value returned by sha1.New now also implements the encoding.BinaryAppender interface.
* crypto/sha256: The values returned by sha256.New and sha256.New224 now also implement the encoding.BinaryAppender interface.
* crypto/sha512: The values returned by sha512.New, sha512.New384, sha512.New512_224 and sha512.New512_256 now also implement the encoding.BinaryAppender interface.
* crypto/subtle: The new WithDataIndependentTiming function allows the user to run a function with architecture specific features enabled which guarantee specific instructions are data value timing invariant. This can be used to make sure that code designed to run in constant time is not optimized by CPU-level features such that it operates in variable time. Currently, WithDataIndependentTiming uses the PSTATE.DIT bit on arm64, and is a no-op on all other architectures. GODEBUG setting dataindependenttiming=1 enables the DIT mode for the entire Go program.
* crypto/subtle: The XORBytes output must overlap exactly or not at all with the inputs.
  Previously, the behavior was otherwise undefined, while now XORBytes will panic.
* crypto/tls: The TLS server now supports Encrypted Client Hello (ECH). This feature can be enabled by populating the Config.EncryptedClientHelloKeys field.
* crypto/tls: The new post-quantum X25519MLKEM768 key exchange mechanism is now supported and is enabled by default when Config.CurvePreferences is nil. GODEBUG setting tlsmlkem=0 reverts the default.
* crypto/tls: Support for the experimental X25519Kyber768Draft00 key exchange has been removed.
* crypto/tls: Key exchange ordering is now handled entirely by the crypto/tls package. The order of Config.CurvePreferences is now ignored, and the contents are only used to determine which key exchanges to enable when the field is populated.
* crypto/tls: The new ClientHelloInfo.Extensions field lists the IDs of the extensions received in the Client Hello message. This can be useful for fingerprinting TLS clients.
* crypto/x509: The x509sha1 GODEBUG setting has been removed. Certificate.Verify no longer supports SHA-1 based signatures.
* crypto/x509: OID now implements the encoding.BinaryAppender and encoding.TextAppender interfaces.
* crypto/x509: The default certificate policies field has changed from Certificate.PolicyIdentifiers to Certificate.Policies. When parsing certificates, both fields will be populated, but when creating certificates policies will now be taken from the Certificate.Policies field instead of the Certificate.PolicyIdentifiers field. This change can be reverted with GODEBUG setting x509usepolicies=0.
* crypto/x509: CreateCertificate will now generate a serial number using a RFC 5280 compliant method when passed a template with a nil Certificate.SerialNumber field, instead of failing.
* crypto/x509: Certificate.Verify now supports policy validation, as defined in RFC 5280 and RFC 9618. The new VerifyOptions.CertificatePolicies field can be set to an acceptable set of policy OIDs.
  Only certificate chains with valid policy graphs will be returned from Certificate.Verify.
* crypto/x509: MarshalPKCS8PrivateKey now returns an error instead of marshaling an invalid RSA key. (MarshalPKCS1PrivateKey doesn't have an error return, and its behavior when provided invalid keys continues to be undefined.)
* crypto/x509: ParsePKCS1PrivateKey and ParsePKCS8PrivateKey now use and validate the encoded CRT values, so might reject invalid RSA keys that were previously accepted. Use GODEBUG setting x509rsacrt=0 to revert to recomputing the CRT values.
* debug/elf: The debug/elf package adds support for handling symbol versions in dynamic ELF (Executable and Linkable Format) files. The new File.DynamicVersions method returns a list of dynamic versions defined in the ELF file. The new File.DynamicVersionNeeds method returns a list of dynamic versions required by this ELF file that are defined in other ELF objects. Finally, the new Symbol.HasVersion and Symbol.VersionIndex fields indicate the version of a symbol.
* encoding: Two new interfaces, TextAppender and BinaryAppender, have been introduced to append the textual or binary representation of an object to a byte slice. These interfaces provide the same functionality as TextMarshaler and BinaryMarshaler, but instead of allocating a new slice each time, they append the data directly to an existing slice. These interfaces are now implemented by standard library types that already implemented TextMarshaler and/or BinaryMarshaler.
* encoding/json: When marshaling, a struct field with the new omitzero option in the struct field tag will be omitted if its value is zero. If the field type has an IsZero() bool method, that will be used to determine whether the value is zero. Otherwise, the value is zero if it is the zero value for its type. The omitzero field tag is clearer and less error-prone than omitempty when the intent is to omit zero values.
  In particular, unlike omitempty, omitzero omits zero-valued time.Time values, which is a common source of friction.
* encoding/json: If both omitempty and omitzero are specified, the field will be omitted if the value is either empty or zero (or both).
* encoding/json: UnmarshalTypeError.Field now includes embedded structs to provide more detailed error messages.
* go/types: All go/types data structures that expose sequences using a pair of methods such as Len() int and At(int) T now also have methods that return iterators, allowing you to simplify code. The methods are: Interface.EmbeddedTypes, Interface.ExplicitMethods, Interface.Methods, MethodSet.Methods, Named.Methods, Scope.Children, Struct.Fields, Tuple.Variables, TypeList.Types, TypeParamList.TypeParams, Union.Terms.
* hash/adler32: The value returned by New now also implements the encoding.BinaryAppender interface.
* hash/crc32: The values returned by New and NewIEEE now also implement the encoding.BinaryAppender interface.
* hash/crc64: The value returned by New now also implements the encoding.BinaryAppender interface.
* hash/fnv: The values returned by New32, New32a, New64, New64a, New128 and New128a now also implement the encoding.BinaryAppender interface.
* hash/maphash: The new Comparable and WriteComparable functions can compute the hash of any comparable value. These make it possible to hash anything that can be used as a Go map key.
* log/slog: The new DiscardHandler is a handler that is never enabled and always discards its output.
* log/slog: Level and LevelVar now implement the encoding.TextAppender interface.
* math/big: Float, Int and Rat now implement the encoding.TextAppender interface.
* math/rand: Calls to the deprecated top-level Seed function no longer have any effect. To restore the old behavior use GODEBUG setting randseednop=0. For more background see proposal go#67273.
* math/rand/v2: ChaCha8 and PCG now implement the encoding.BinaryAppender interface.
* net: ListenConfig now uses MPTCP by default on systems where it is supported (currently on Linux only).
* net: IP now implements the encoding.TextAppender interface.
* net/http: Transport's limit on 1xx informational responses received in response to a request has changed. It previously aborted a request and returned an error after receiving more than 5 1xx responses. It now returns an error if the total size of all 1xx responses exceeds the Transport.MaxResponseHeaderBytes configuration setting.
* net/http: In addition, when a request has a net/http/httptrace.ClientTrace.Got1xxResponse trace hook, there is now no limit on the total number of 1xx responses. The Got1xxResponse hook may return an error to abort a request.
* net/http: Transport and Server now have an HTTP2 field which permits configuring HTTP/2 protocol settings.
* net/http: The new Server.Protocols and Transport.Protocols fields provide a simple way to configure what HTTP protocols a server or client use.
* net/http: The server and client may be configured to support unencrypted HTTP/2 connections.
* net/http: When Server.Protocols contains UnencryptedHTTP2, the server will accept HTTP/2 connections on unencrypted ports. The server can accept both HTTP/1 and unencrypted HTTP/2 on the same port.
* net/http: When Transport.Protocols contains UnencryptedHTTP2 and does not contain HTTP1, the transport will use unencrypted HTTP/2 for http:// URLs. If the transport is configured to use both HTTP/1 and unencrypted HTTP/2, it will use HTTP/1.
* net/http: Unencrypted HTTP/2 support uses 'HTTP/2 with Prior Knowledge' (RFC 9113, section 3.3). The deprecated 'Upgrade: h2c' header is not supported.
* net/netip: Addr, AddrPort and Prefix now implement the encoding.BinaryAppender and encoding.TextAppender interfaces.
* net/url: URL now also implements the encoding.BinaryAppender interface.
* os/user: On Windows, Current can now be used in Windows Nano Server.
  The implementation has been updated to avoid using functions from the NetApi32 library, which is not available in Nano Server.
* os/user: On Windows, Current, Lookup and LookupId now support the following built-in service user accounts: NT AUTHORITY\SYSTEM, NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE
* os/user: On Windows, Current has been made considerably faster when the current user is joined to a slow domain, which is the usual case for many corporate users. The new implementation performance is now in the order of milliseconds, compared to the previous implementation which could take several seconds, or even minutes, to complete.
* os/user: On Windows, Current now returns the process owner user when the current thread is impersonating another user. Previously, it returned an error.
* regexp: Regexp now implements the encoding.TextAppender interface.
* runtime: The GOROOT function is now deprecated. In new code prefer to use the system path to locate the 'go' binary, and use go env GOROOT to find its GOROOT.
* strings: The strings package adds several functions that work with iterators.
* strings: Lines returns an iterator over the newline-terminated lines in a string.
* strings: SplitSeq returns an iterator over all substrings of a string split around a separator.
* strings: SplitAfterSeq returns an iterator over substrings of a string split after each instance of a separator.
* strings: FieldsSeq returns an iterator over substrings of a string split around runs of whitespace characters, as defined by unicode.IsSpace.
* strings: FieldsFuncSeq returns an iterator over substrings of a string split around runs of Unicode code points satisfying a predicate.
* sync: The implementation of sync.Map has been changed, improving performance, particularly for map modifications.
  For instance, modifications of disjoint sets of keys are much less likely to contend on larger maps, and there is no longer any ramp-up time required to achieve low-contention loads from the map. If you encounter any problems, set GOEXPERIMENT=nosynchashtriemap at build time to switch back to the old implementation and please file an issue.
* testing: The new T.Context and B.Context methods return a context that's canceled after the test completes and before test cleanup functions run.
* testing: The new T.Chdir and B.Chdir methods can be used to change the working directory for the duration of a test or benchmark.
* text/template: Templates now support range-over-func and range-over-int.
* time: Time now implements the encoding.BinaryAppender and encoding.TextAppender interfaces.
* Linux port: As announced in the Go 1.23 release notes, Go 1.24 requires Linux kernel version 3.2 or later.
* Darwin port: Go 1.24 is the last release that will run on macOS 11 Big Sur. Go 1.25 will require macOS 12 Monterey or later.
* WebAssembly: The go:wasmexport compiler directive is added for Go programs to export functions to the WebAssembly host.
* WebAssembly: On WebAssembly System Interface Preview 1 (GOOS=wasip1 GOARCH=wasm), Go 1.24 supports building a Go program as a reactor/library, by specifying the -buildmode=c-shared build flag.
* WebAssembly: More types are now permitted as argument or result types for go:wasmimport functions. Specifically, bool, string, uintptr, and pointers to certain types are allowed (see the documentation for detail), along with 32-bit and 64-bit integer and float types, and unsafe.Pointer, which are already allowed. These types are also permitted as argument or result types for go:wasmexport functions.
* WebAssembly: The support files for WebAssembly have been moved to lib/wasm from misc/wasm.
* Windows: The 32-bit windows/arm port (GOOS=windows GOARCH=arm) has been marked broken. See issue go#70705 for details.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released: Fri Feb 14 08:26:30 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1229228,1233752,1234313,1234765

This update for systemd fixes the following issues:

- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environment when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765)
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)

The following package changes have been done:

- findutils-4.8.0-150300.3.3.2 updated
- go1.24-doc-1.24.0-150000.1.9.1 added
- libsystemd0-254.23-150600.4.25.1 updated
- go1.24-1.24.0-150000.1.9.1 added
- go1.24-race-1.24.0-150000.1.9.1 added
- container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated
- go1.23-1.23.6-150000.1.21.1 removed
- go1.23-doc-1.23.6-150000.1.21.1 removed
- go1.23-race-1.23.6-150000.1.21.1 removed

From sle-container-updates at lists.suse.com Tue Feb 18 13:02:10 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 18 Feb 2025 14:02:10 +0100 (CET)
Subject: SUSE-CU-2025:1046-1: Security update of bci/openjdk-devel
Message-ID: <20250218130210.CA93AFCE5@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1046-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.3 , bci/openjdk-devel:latest
Container Release : 33.3
Severity : important
Type : security
References : 1236878 CVE-2024-12133
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133

This update for libtasn1 fixes the following issues:

- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878)

The following package changes have been done:

- libtasn1-6-4.13-150000.4.11.1 updated
- libtasn1-4.13-150000.4.11.1 updated
- container:bci-openjdk-21-14d2a48bd329c6ed156187407b7e8984223b528c44e81364269683834214e587-0 updated

From sle-container-updates at lists.suse.com Tue Feb 18 13:02:56 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 18 Feb 2025 14:02:56 +0100 (CET)
Subject: SUSE-CU-2025:1039-1: Security update of bci/python
Message-ID: <20250218130256.09BA0FCE5@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1039-1
Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-62.1 , bci/python:latest
Container Release : 62.1
Severity : important
Type : security
References : 1236878 CVE-2024-12133
-----------------------------------------------------------------

The container bci/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133

This update for libtasn1 fixes the following issues:

- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878)

The following package changes have been done:

- libtasn1-6-4.13-150000.4.11.1 updated
- libtasn1-4.13-150000.4.11.1 updated
- container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated

From sle-container-updates at lists.suse.com Tue Feb 18 13:03:18 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 18 Feb 2025 14:03:18 +0100 (CET)
Subject: SUSE-CU-2025:1048-1: Security update of bci/python
Message-ID: <20250218130318.270B8FCE5@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1048-1
Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.27
Container Release : 60.27
Severity : important
Type : security
References : 1236878 CVE-2024-12133
-----------------------------------------------------------------

The container bci/python was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:03:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:03:30 +0100 (CET) Subject: SUSE-CU-2025:1049-1: Recommended update of suse/rmt-server Message-ID: <20250218130330.22891FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1049-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-36.5 , suse/rmt-server:latest Container Release : 36.5 Severity : moderate Type : recommended References : 1229228 1233752 1234313 1234765 ----------------------------------------------------------------- The container suse/rmt-server was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - libudev1-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:03:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:03:54 +0100 (CET) Subject: SUSE-CU-2025:1050-1: Recommended update of bci/ruby Message-ID: <20250218130354.1AE7AFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1050-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.28 , bci/ruby:latest Container Release : 31.28 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 1236960 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 
13:05:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:05:21 +0100 (CET) Subject: SUSE-CU-2025:1053-1: Security update of containers/python Message-ID: <20250218130521.2AEA1FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1053-1 Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-44.24 Container Release : 44.24 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:05:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:05:28 +0100 (CET) Subject: SUSE-CU-2025:1054-1: Security update of containers/python Message-ID: <20250218130528.3A024FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1054-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.25 Container Release : 51.25 Severity : important Type : security References : 1236878 CVE-2024-12133 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) The following package changes have been done: - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:07:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:07:19 +0100 (CET) Subject: SUSE-CU-2025:1059-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250218130719.2DE61FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1059-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.27 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.60.27 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - container:sles15-ltss-image-15.4.0-2.24 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:08:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:08:05 +0100 (CET) Subject: SUSE-CU-2025:1060-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20250218130805.3608AFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1060-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.14 , suse/manager/4.3/proxy-squid:4.3.14.9.59.17 , suse/manager/4.3/proxy-squid:latest Container Release : 9.59.17 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - container:sles15-ltss-image-15.4.0-2.24 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:08:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:08:52 +0100 (CET) Subject: SUSE-CU-2025:1061-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250218130852.4D38FFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1061-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.14 , suse/manager/4.3/proxy-ssh:4.3.14.9.50.18 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.50.18 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - container:sles15-ltss-image-15.4.0-2.24 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:09:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:09:39 +0100 (CET) Subject: SUSE-CU-2025:1062-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250218130939.5EACDFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1062-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.14 , suse/manager/4.3/proxy-tftpd:4.3.14.9.50.19 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.50.19 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - container:sles15-ltss-image-15.4.0-2.24 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:11:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:11:05 +0100 (CET) Subject: SUSE-CU-2025:1063-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250218131105.5BFB0FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1063-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.81 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.81 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-locale-base-2.31-150300.92.1 updated - glibc-locale-2.31-150300.92.1 updated - glibc-2.31-150300.92.1 updated From sle-container-updates at lists.suse.com Tue Feb 18 13:15:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 18 Feb 2025 14:15:25 +0100 (CET) Subject: SUSE-CU-2025:1065-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250218131525.9009FFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1065-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.83 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.83 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-locale-base-2.31-150300.92.1 updated - glibc-locale-2.31-150300.92.1 updated - glibc-2.31-150300.92.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:02:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:02:51 +0100 (CET) Subject: SUSE-CU-2025:1066-1: Security update of containers/milvus Message-ID: <20250219080251.AF8CCFCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1066-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.41 Container Release : 7.41 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/milvus was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - boost-license1_86_0-1.86.0-150600.1.6 updated - libaws-c-common1-0.9.28-150600.1.8 updated - libfmt9-9.1.0-150600.1.8 updated - libgflags2_2-2.2.2-150600.1.8 updated - libopentracing-cpp1-1.6.0-150600.1.8 updated - libsimdjson22-v3.9.5-150600.1.8 updated - libtbb12-2021.13.0-150600.1.7 updated - liburing2-2.6-150600.1.8 updated - libzstd1-1.5.6-150600.1.7 updated - minio-client-20241008T093726Z-150600.1.11 updated - libboost_program_options1_86_0-1.86.0-150600.1.6 updated - libboost_filesystem1_86_0-1.86.0-150600.1.6 updated - libboost_context1_86_0-1.86.0-150600.1.6 updated - libaws-checksums1-0.1.20-150600.1.9 updated - libaws-c-sdkutils1_0_0-0.1.19-150600.1.8 updated - libaws-c-compression1_0_0-0.2.18-150600.1.7 updated - libglog-4-0-0.4.0-150600.1.8 updated - libprotobuf3_21_12-21.12-150600.1.9 updated - libprotobuf25_5_0-25.5-150600.2.33 updated - librocksdb6-6.29.5-150600.2.7 updated - libthrift-0_17_0-0.17.0-150600.1.9 updated - libs2n0unstable-1.5.1-150600.1.8 updated - libaws-c-cal0unstable-0.7.4-150600.1.7 updated - libfolly0-2023.10.30.00-150600.1.7 updated - libaws-c-io0unstable-0.14.18-150600.1.7 updated - libarrow1700-17.0.0-150600.2.9 updated - libaws-c-http1_0_0-0.8.10-150600.1.8 updated - libaws-c-event-stream1-0.4.2-150600.1.7 updated - libparquet1700-17.0.0-150600.2.9 updated - libaws-c-mqtt1_0_0-0.10.6-150600.1.8 updated - libaws-c-auth1_0_0-0.7.31-150600.1.7 updated - librdkafka1-2.3.0-150600.1.6 updated - libprometheus-cpp0_13-0.13.0-150600.1.8 updated - 
libaws-c-s3-0unstable-0.6.6-150600.1.8 updated - lib-opentelemetry-cpp1_9_1-1.9.1-150600.1.7 updated - libaws-crt-cpp1-0.28.3-150600.1.8 updated - aws-sdk-cpp-libs-1.11.412-150600.1.7 updated - milvus-cppcpu-2.4.6-150600.1.8 updated - milvus-2.4.6-150600.1.13 updated - container:registry.suse.com-bci-bci-base-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:03:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:03:42 +0100 (CET) Subject: SUSE-CU-2025:1067-1: Security update of containers/ollama Message-ID: <20250219080342.13254FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1067-1 Container Tags : containers/ollama:0.5 , containers/ollama:0.5.7 , containers/ollama:0.5.7-6.11 Container Release : 6.11 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/ollama was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - cuda-cccl-12-5-12.5.39-150600.2.2 updated - cuda-crt-12-5-12.5.82-150600.2.2 updated - cuda-nvvm-12-5-12.5.82-150600.2.2 updated - cuda-toolkit-12-5-config-common-12.5.82-150600.2.2 updated - cuda-toolkit-12-config-common-12.5.82-150600.2.2 updated - cuda-toolkit-config-common-12.5.82-150600.2.2 updated - libcublas-12-5-12.5.3.2-150600.1.10 updated - cuda-cudart-12-5-12.5.82-150600.2.2 updated - cuda-driver-devel-12-5-12.5.82-150600.1.11 updated - ollama-nvidia-0.5.7-150600.1.2 updated - container:registry.suse.com-bci-bci-base-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:05:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:05:25 +0100 (CET) Subject: SUSE-IU-2025:632-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250219080526.00DC8FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:632-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.145 , suse/sle-micro/base-5.5:latest Image Release : 5.8.145 Severity : important Type : security References : 1194869 1216813 1223384 1225736 1226848 1226980 1228537 1228592 1230341 1230432 
1230527 1230697 1231088 1231847 1232914 1233028 1233055 1233097 1233103 1233112 1233464 1233488 1233642 1233778 1234024 1234025 1234078 1234087 1234153 1234155 1234223 1234381 1234683 1234690 1234825 1234829 1234832 1234884 1234889 1234896 1234899 1234900 1234905 1234909 1234916 1234918 1234922 1234930 1234931 1234934 1234962 1234999 1235002 1235009 1235011 1235053 1235057 1235059 1235100 1235122 1235123 1235133 1235134 1235217 1235222 1235230 1235249 1235410 1235430 1235433 1235441 1235451 1235458 1235466 1235473 1235480 1235491 1235495 1235496 1235521 1235557 1235563 1235570 1235584 1235611 1235635 1235641 1235643 1235645 1235647 1235723 1235739 1235747 1235759 1235764 1235768 1235806 1235812 1235814 1235818 1235842 1235920 1235969 1236628 CVE-2024-26758 CVE-2024-26943 CVE-2024-36898 CVE-2024-38599 CVE-2024-41047 CVE-2024-45019 CVE-2024-46858 CVE-2024-50051 CVE-2024-50136 CVE-2024-50142 CVE-2024-50151 CVE-2024-50195 CVE-2024-50199 CVE-2024-50210 CVE-2024-50275 CVE-2024-50299 CVE-2024-53095 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53121 CVE-2024-53127 CVE-2024-53129 CVE-2024-53138 CVE-2024-53141 CVE-2024-53144 CVE-2024-53148 CVE-2024-53151 CVE-2024-53166 CVE-2024-53169 CVE-2024-53171 CVE-2024-53174 CVE-2024-53177 CVE-2024-53208 CVE-2024-53209 CVE-2024-53215 CVE-2024-53217 CVE-2024-53224 CVE-2024-53227 CVE-2024-53229 CVE-2024-53690 CVE-2024-54680 CVE-2024-55916 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56567 CVE-2024-56588 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56623 CVE-2024-56629 CVE-2024-56631 CVE-2024-56642 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56650 CVE-2024-56658 CVE-2024-56661 CVE-2024-56664 CVE-2024-56678 CVE-2024-56681 CVE-2024-56698 CVE-2024-56701 CVE-2024-56704 CVE-2024-56722 CVE-2024-56739 CVE-2024-56745 CVE-2024-56747 CVE-2024-56754 CVE-2024-56756 CVE-2024-56759 CVE-2024-56765 CVE-2024-56776 CVE-2024-56777 
CVE-2024-56778 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57798 CVE-2024-57849 CVE-2024-57850 CVE-2024-57876 CVE-2024-57893 CVE-2024-57897 CVE-2024-8805 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:577-1 Released: Tue Feb 18 13:51:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1216813,1223384,1225736,1226848,1226980,1228537,1228592,1230341,1230432,1230527,1230697,1231088,1231847,1232914,1233028,1233055,1233097,1233103,1233112,1233464,1233488,1233642,1233778,1234024,1234025,1234078,1234087,1234153,1234155,1234223,1234381,1234683,1234690,1234825,1234829,1234832,1234884,1234889,1234896,1234899,1234900,1234905,1234909,1234916,1234918,1234922,1234930,1234931,1234934,1234962,1234999,1235002,1235009,1235011,1235053,1235057,1235059,1235100,1235122,1235123,1235133,1235134,1235217,1235222,1235230,1235249,1235410,1235430,1235433,1235441,1235451,1235458,1235466,1235473,1235480,1235491,1235495,1235496,1235521,1235557,1235563,1235570,1235584,1235611,1235635,1235641,1235643,1235645,1235647,1235723,1235739,1235747,1235759,1235764,1235768,1235806,1235812,1235814,1235818,1235842,1235920,1235969,1236628,CVE-2024-26758,CVE-2024-26943,CVE-2024-36898,CVE-2024-38599,CVE-2024-41047,CVE-2024-45019,CVE-2024-46858,CVE-2024-50051,CVE-2024-50136,CVE-2024-50142,
CVE-2024-50151,CVE-2024-50195,CVE-2024-50199,CVE-2024-50210,CVE-2024-50275,CVE-2024-50299,CVE-2024-53095,CVE-2024-53103,CVE-2024-53104,CVE-2024-53112,CVE-2024-53121,CVE-2024-53127,CVE-2024-53129,CVE-2024-53138,CVE-2024-53141,CVE-2024-53144,CVE-2024-53148,CVE-2024-53151,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53174,CVE-2024-53177,CVE-2024-53208,CVE-2024-53209,CVE-2024-53215,CVE-2024-53217,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53690,CVE-2024-54680,CVE-2024-55916,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56567,CVE-2024-56588,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56623,CVE-2024-56629,CVE-2024-56631,CVE-2024-56642,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56650,CVE-2024-56658,CVE-2024-56661,CVE-2024-56664,CVE-2024-56678,CVE-2024-56681,CVE-2024-56698,CVE-2024-56701,CVE-2024-56704,CVE-2024-56722,CVE-2024-56739,CVE-2024-56745,CVE-2024-56747,CVE-2024-56754,CVE-2024-56756,CVE-2024-56759,CVE-2024-56765,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57798,CVE-2024-57849,CVE-2024-57850,CVE-2024-57876,CVE-2024-57893,CVE-2024-57897,CVE-2024-8805 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). 
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). 
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). - CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969). The following non-security bugs were fixed: - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). 
The following package changes have been done: - kernel-default-5.14.21-150500.55.94.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:05:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:05:49 +0100 (CET) Subject: SUSE-IU-2025:633-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250219080549.C21A1FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:633-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.280 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.280 Severity : important Type : security References : 1194869 1216813 1223384 1225736 1226848 1226980 1228537 1228592 1230341 1230432 1230527 1230697 1231088 1231847 1232914 1233028 1233055 1233097 1233103 1233112 1233464 1233488 1233642 1233778 1234024 1234025 1234078 1234087 1234153 1234155 1234223 1234381 1234683 1234690 1234825 1234829 1234832 1234884 1234889 1234896 1234899 1234900 1234905 1234909 1234916 1234918 1234922 1234930 1234931 1234934 1234962 1234999 1235002 1235009 1235011 1235053 1235057 1235059 1235100 1235122 1235123 1235133 1235134 1235217 1235222 1235230 1235249 1235410 1235430 1235433 1235441 1235451 1235458 1235466 1235473 1235480 1235491 1235495 1235496 1235521 1235557 1235563 1235570 1235584 1235611 1235635 1235641 1235643 1235645 1235647 1235723 1235739 1235747 1235759 1235764 1235768 1235806 1235812 1235814 1235818 1235842 1235920 1235969 1236628 CVE-2024-26758 CVE-2024-26943 CVE-2024-36898 CVE-2024-38599 CVE-2024-41047 CVE-2024-45019 CVE-2024-46858 CVE-2024-50051 CVE-2024-50136 CVE-2024-50142 CVE-2024-50151 CVE-2024-50195 CVE-2024-50199 CVE-2024-50210 CVE-2024-50275 CVE-2024-50299 CVE-2024-53095 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53121 CVE-2024-53127 CVE-2024-53129 CVE-2024-53138 CVE-2024-53141 CVE-2024-53144 
CVE-2024-53148 CVE-2024-53151 CVE-2024-53166 CVE-2024-53169 CVE-2024-53171 CVE-2024-53174 CVE-2024-53177 CVE-2024-53208 CVE-2024-53209 CVE-2024-53215 CVE-2024-53217 CVE-2024-53224 CVE-2024-53227 CVE-2024-53229 CVE-2024-53690 CVE-2024-54680 CVE-2024-55916 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56567 CVE-2024-56588 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56623 CVE-2024-56629 CVE-2024-56631 CVE-2024-56642 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56650 CVE-2024-56658 CVE-2024-56661 CVE-2024-56664 CVE-2024-56678 CVE-2024-56681 CVE-2024-56698 CVE-2024-56701 CVE-2024-56704 CVE-2024-56722 CVE-2024-56739 CVE-2024-56745 CVE-2024-56747 CVE-2024-56754 CVE-2024-56756 CVE-2024-56759 CVE-2024-56765 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57798 CVE-2024-57849 CVE-2024-57850 CVE-2024-57876 CVE-2024-57893 CVE-2024-57897 CVE-2024-8805 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:577-1 Released: Tue Feb 18 13:51:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1216813,1223384,1225736,1226848,1226980,1228537,1228592,1230341,1230432,1230527,1230697,1231088,1231847,1232914,1233028,1233055,1233097,1233103,1233112,1233464,1233488,1233642,1233778,1234024,1234025,1234078,1234087,1234153,1234155,1234223,1234381,1234683,1234690,1234825,1234829,1234832,1234884,1234889,1234896,1234899,1234900,1234905,1234909,1234916,1234918,1234922,1234930,1234931,1234934,1234962,1234999,1235002,1235009,1235011,1235053,1235057,1235059,1235100,1235122,1235123,1235133,1235134,1235217,1235222,1235230,1235249,1235410,1235430,1235433,1235441,1235451,1235458,1235466,1235473,1235480,1235491,1235495,1235496,1235521,1235557,1235563,1235570,1235584,1235611,1235635,1235641,1235643,1235645,1235647,1235723,1235739,1235747,1235759,1235764,1235768,1235806,1235812,1235814,1235818,1235842,1235920,1235969,1236628,CVE-2024-26758,CVE-2024-26943,CVE-2024-36898,CVE-2024-38599,CVE-2024-41047,CVE-2024-45019,CVE-2024-46858,CVE-2024-50051,CVE-2024-50136,CVE-2024-50142,CVE-2024-50151,CVE-2024-50195,CVE-2024-50199,CVE-2024-50210,CVE-2024-50275,CVE-2024-50299,CVE-2024-53095,CVE-2024-53103,CVE-2024-53104,CVE-2024-53112,CVE-2024-53121,CVE-2024-53127,CVE-2024-53129,CVE-2024-53138,CVE-2024-53141,CVE-2024-53144,CVE-2024-53148,CVE-2024-53151,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53174,CVE-2024-53177,CVE-2024-53208,CVE-2024-53209,CVE-2024-53215,CVE-2024-53217,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53690,CVE-2024-54680,CVE-2024-55916,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56567,CVE-2024-56588,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56623,CVE-2024-56629,CVE-2024-56631,CVE-2024-56642,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56650,CVE-2024-56658,CVE-2024-56661,CVE-2024-56664,CVE-2024-56678,CVE-2024-56681,CVE-2024-56698,CVE-2024-56701,CVE-2024-56704,CVE-2024-56722,CVE-2024-56739,CVE-2024-56745,CVE-2024-56747,CVE-2024-56754,CVE-2024-56756,CVE-2024-56759,CVE-2024-56765,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57798,CVE-2024-57849,CVE-2024-57850,CVE-2024-57876,CVE-2024-57893,CVE-2024-57897,CVE-2024-8805
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). 
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). - CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969). The following non-security bugs were fixed: - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). 
The following package changes have been done: - kernel-default-base-5.14.21-150500.55.94.1.150500.6.43.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.145 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:14:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:14:00 +0100 (CET) Subject: SUSE-CU-2025:1073-1: Recommended update of suse/389-ds Message-ID: <20250219081400.451A8FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1073-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-52.11 , suse/389-ds:latest Container Release : 52.11 Severity : moderate Type : recommended References : 1230852 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:584-1 Released: Tue Feb 18 16:11:39 2025 Summary: Recommended update for 389-ds Type: recommended Severity: moderate References: 1230852 This update for 389-ds fixes the following issues: - persist extracted key path for ldap_ssl_client_init over repeat invocations (bsc#1230852). 
- Version update v2.2.10~git55.6a75e944: The following package changes have been done: - libsvrcore0-2.2.10~git55.6a75e944-150600.8.13.2 updated - lib389-2.2.10~git55.6a75e944-150600.8.13.2 updated - 389-ds-2.2.10~git55.6a75e944-150600.8.13.2 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:14:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:14:08 +0100 (CET) Subject: SUSE-CU-2025:1074-1: Security update of bci/bci-busybox Message-ID: <20250219081408.E609DFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1074-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.30.2 , bci/bci-busybox:latest Container Release : 30.2 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-busybox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:14:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:14:13 +0100 (CET) Subject: SUSE-CU-2025:1075-1: Security update of suse/cosign Message-ID: <20250219081413.11D79FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1075-1 Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-8.23 , suse/cosign:latest Container Release : 8.23 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/cosign was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:suse-sle15-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:14:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:14:31 +0100 (CET) Subject: SUSE-CU-2025:1076-1: Security update of suse/registry Message-ID: <20250219081431.70D8EFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1076-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-33.19 , suse/registry:latest Container Release : 33.19 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/registry was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:14:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:14:42 +0100 (CET) Subject: SUSE-CU-2025:1077-1: Security update of bci/gcc Message-ID: <20250219081442.A3C63FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1077-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.25 , bci/gcc:latest Container Release : 8.25 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/gcc was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-devel-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:15:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:15:01 +0100 (CET) Subject: SUSE-CU-2025:1078-1: Security update of suse/git Message-ID: <20250219081501.7A5BBFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1078-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-36.16 , suse/git:latest Container Release : 36.16 Severity : moderate Type : security References : 1237040 1237041 CVE-2025-26465 CVE-2025-26466 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:585-1 Released: Tue Feb 18 17:42:14 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,1237041,CVE-2025-26465,CVE-2025-26466 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). 
The following package changes have been done: - openssh-common-9.6p1-150600.6.15.2 updated - openssh-clients-9.6p1-150600.6.15.2 updated - container:suse-sle15-15.6-adc24c50f11083b971c80f30cbff133db5687808c68fa732191385119edde2a9-0 updated - container:registry.suse.com-bci-bci-micro-15.6-adc24c50f11083b971c80f30cbff133db5687808c68fa732191385119edde2a9-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:15:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:15:02 +0100 (CET) Subject: SUSE-CU-2025:1079-1: Security update of suse/git Message-ID: <20250219081502.172E8FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1079-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-36.18 , suse/git:latest Container Release : 36.18 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/git was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:suse-sle15-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:15:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:15:17 +0100 (CET) Subject: SUSE-CU-2025:1080-1: Security update of bci/golang Message-ID: <20250219081517.EBCAAFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1080-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.6 , bci/golang:1.23.6-2.34.6 , bci/golang:oldstable , bci/golang:oldstable-2.34.6 Container Release : 34.6 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-devel-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:15:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:15:37 +0100 (CET) Subject: SUSE-CU-2025:1081-1: Security update of bci/golang Message-ID: <20250219081537.2BF10FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1081-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.27 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.27 Container Release : 55.27 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-devel-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:15:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:15:55 +0100 (CET) Subject: SUSE-CU-2025:1082-1: Security update of bci/golang Message-ID: <20250219081555.CEC14FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1082-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.0 , bci/golang:1.24.0-1.34.6 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.6 Container Release : 34.6 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-devel-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:16:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:16:16 +0100 (CET) Subject: SUSE-CU-2025:1083-1: Security update of bci/golang Message-ID: <20250219081616.98929FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1083-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.26 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.26 Container Release : 55.26 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-devel-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:16:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:16:28 +0100 (CET) Subject: SUSE-CU-2025:1084-1: Security update of suse/helm Message-ID: <20250219081628.AD880FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1084-1 Container Tags : suse/helm:3 , suse/helm:3.16 , suse/helm:3.16.3 , suse/helm:3.16.3-39.15 , suse/helm:latest Container Release : 39.15 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/helm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:suse-sle15-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:17:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:17:14 +0100 (CET) Subject: SUSE-CU-2025:1086-1: Security update of bci/kiwi Message-ID: <20250219081714.184B1FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1086-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-21.11 , bci/kiwi:latest Container Release : 21.11 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/kiwi was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-locale-base-2.38-150600.14.23.1 updated - glibc-devel-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:17:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:17:15 +0100 (CET) Subject: SUSE-CU-2025:1087-1: Security update of suse/kubectl Message-ID: <20250219081715.2178EFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1087-1 Container Tags : suse/kubectl:1.28 , suse/kubectl:1.28 , suse/kubectl:1.28.13 , suse/kubectl:1.28.13-38.10 , suse/kubectl:latest Container Release : 38.10 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/kubectl was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:suse-sle15-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:17:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:17:25 +0100 (CET) Subject: SUSE-CU-2025:1088-1: Security update of bci/bci-micro Message-ID: <20250219081725.6E23DFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1088-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.30.2 , bci/bci-micro:latest Container Release : 30.2 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-micro was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 08:17:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 09:17:37 +0100 (CET) Subject: SUSE-CU-2025:1089-1: Security update of bci/bci-minimal Message-ID: <20250219081737.D7FFAFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1089-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.32.6 , bci/bci-minimal:latest Container Release : 32.6 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Sat Feb 1 08:04:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 01 Feb 2025 08:04:07 -0000 Subject: SUSE-IU-2025:463-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250201080404.E188FFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:463-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.43 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 4.43 Severity : important Type : security References : 1012628 1065729 1082555 1194869 1215199 1217845 1218562 1218644 1219596 1219803 1220355 1220382 1221309 1222423 1222587 1222590 1223112 1223384 1223656 1223700 1223733 1223824 1223848 1224088 1224429 1224518 1224548 1224574 1224948 1225611 1225713 1225725 1225730 1225742 1225764 1225768 1225813 1225903 1226003 1226130 1226498 1226623 1226631 1226748 1226797 1226848 1226872 1227726 1227842 1228119 1228244 1228269 1228410 1228430 1228454 1228537 1228620 1228743 1228747 1228850 1228857 1229019 1229165 1229429 1229450 1229585 1229677 1229769 1229808 1229891 1230055 1230132 1230179 1230220 1230231 1230289 1230295 1230339 1230341 1230375 1230414 1230429 1230456 1230501 
1230527 1230550 1230557 1230558 1230600 1230620 1230710 1230733 1230762 1230763 1230773 1230774 1230801 1230807 1230817 1230827 1230831 1230914 1230918 1230971 1231016 1231035 1231072 1231073 1231075 1231076 1231081 1231082 1231083 1231084 1231085 1231087 1231089 1231092 1231093 1231094 1231096 1231098 1231100 1231101 1231102 1231105 1231108 1231111 1231114 1231115 1231116 1231117 1231131 1231132 1231135 1231136 1231138 1231148 1231169 1231170 1231171 1231178 1231179 1231182 1231183 1231187 1231191 1231193 1231195 1231197 1231200 1231202 1231203 1231276 1231293 1231384 1231434 1231435 1231436 1231439 1231440 1231441 1231442 1231452 1231453 1231465 1231474 1231481 1231496 1231502 1231537 1231539 1231540 1231541 1231617 1231630 1231634 1231635 1231636 1231637 1231638 1231639 1231640 1231673 1231828 1231849 1231855 1231856 1231857 1231858 1231859 1231860 1231861 1231864 1231865 1231868 1231869 1231871 1231872 1231901 1231902 1231903 1231904 1231906 1231907 1231908 1231914 1231916 1231920 1231924 1231926 1231930 1231931 1231935 1231942 1231944 1231946 1231947 1231950 1231951 1231952 1231953 1231954 1231955 1231956 1231957 1231965 1231967 1231968 1231987 1231988 1231989 1231990 1231998 1232000 1232003 1232009 1232013 1232015 1232016 1232017 1232018 1232033 1232034 1232036 1232043 1232047 1232048 1232049 1232050 1232056 1232075 1232076 1232079 1232080 1232083 1232084 1232085 1232089 1232090 1232093 1232094 1232096 1232097 1232098 1232103 1232104 1232105 1232109 1232111 1232114 1232116 1232117 1232124 1232126 1232127 1232129 1232130 1232131 1232132 1232134 1232135 1232140 1232141 1232142 1232145 1232147 1232148 1232149 1232151 1232152 1232154 1232155 1232156 1232157 1232159 1232160 1232162 1232164 1232165 1232166 1232174 1232180 1232182 1232183 1232185 1232187 1232189 1232192 1232195 1232196 1232198 1232199 1232200 1232201 1232207 1232208 1232217 1232218 1232220 1232221 1232222 1232224 1232232 1232250 1232251 1232253 1232254 1232255 1232256 1232258 1232259 1232260 1232262 
1232263 1232264 1232272 1232275 1232279 1232282 1232285 1232287 1232295 1232305 1232307 1232309 1232310 1232312 1232313 1232314 1232315 1232316 1232317 1232318 1232329 1232332 1232333 1232334 1232335 1232337 1232339 1232340 1232342 1232345 1232349 1232352 1232354 1232355 1232357 1232358 1232359 1232361 1232362 1232366 1232367 1232368 1232369 1232370 1232371 1232374 1232378 1232381 1232383 1232385 1232386 1232387 1232392 1232394 1232395 1232396 1232413 1232416 1232417 1232418 1232424 1232427 1232432 1232435 1232436 1232442 1232446 1232483 1232494 1232498 1232499 1232500 1232501 1232502 1232503 1232504 1232505 1232506 1232507 1232511 1232519 1232520 1232529 1232552 1232623 1232626 1232627 1232628 1232629 1232704 1232757 1232768 1232819 1232823 1232860 1232869 1232870 1232873 1232876 1232877 1232878 1232880 1232881 1232884 1232885 1232887 1232888 1232890 1232892 1232894 1232896 1232897 1232905 1232907 1232914 1232919 1232925 1232926 1232928 1232935 1233029 1233032 1233035 1233036 1233041 1233044 1233049 1233050 1233051 1233056 1233057 1233061 1233062 1233063 1233065 1233067 1233070 1233073 1233074 1233088 1233091 1233092 1233097 1233100 1233103 1233104 1233105 1233106 1233107 1233108 1233110 1233111 1233113 1233114 1233115 1233117 1233119 1233123 1233125 1233127 1233129 1233130 1233132 1233135 1233176 1233179 1233185 1233188 1233189 1233191 1233193 1233197 1233201 1233203 1233204 1233205 1233206 1233207 1233208 1233209 1233210 1233211 1233212 1233216 1233217 1233219 1233226 1233238 1233241 1233244 1233253 1233255 1233293 1233298 1233305 1233320 1233350 1233443 1233452 1233453 1233454 1233456 1233457 1233458 1233460 1233462 1233463 1233464 1233465 1233468 1233471 1233476 1233478 1233479 1233481 1233484 1233485 1233487 1233490 1233491 1233523 1233524 1233540 1233547 1233548 1233550 1233552 1233553 1233554 1233555 1233557 1233560 1233561 1233564 1233566 1233567 1233568 1233570 1233572 1233573 1233577 1233580 1233640 1233641 1233642 1233721 1233754 1233756 1233769 1233771 
1233977 1234009 1234011 1234012 1234025 1234039 1234040 1234041 1234042 1234043 1234044 1234045 1234046 1234072 1234078 1234081 1234083 1234085 1234087 1234093 1234098 1234108 1234121 1234223 CVE-2023-52766 CVE-2023-52778 CVE-2023-52800 CVE-2023-52881 CVE-2023-52917 CVE-2023-52918 CVE-2023-52919 CVE-2023-52920 CVE-2023-52921 CVE-2023-52922 CVE-2023-6270 CVE-2024-26596 CVE-2024-26703 CVE-2024-26741 CVE-2024-26758 CVE-2024-26761 CVE-2024-26767 CVE-2024-26782 CVE-2024-26864 CVE-2024-26943 CVE-2024-26953 CVE-2024-27017 CVE-2024-27026 CVE-2024-27043 CVE-2024-27407 CVE-2024-35888 CVE-2024-35980 CVE-2024-36000 CVE-2024-36031 CVE-2024-36244 CVE-2024-36484 CVE-2024-36883 CVE-2024-36886 CVE-2024-36905 CVE-2024-36920 CVE-2024-36927 CVE-2024-36954 CVE-2024-36968 CVE-2024-38576 CVE-2024-38577 CVE-2024-38589 CVE-2024-38599 CVE-2024-40914 CVE-2024-41016 CVE-2024-41023 CVE-2024-41031 CVE-2024-41047 CVE-2024-41082 CVE-2024-42102 CVE-2024-42145 CVE-2024-44932 CVE-2024-44958 CVE-2024-44964 CVE-2024-44995 CVE-2024-45016 CVE-2024-45025 CVE-2024-46678 CVE-2024-46680 CVE-2024-46681 CVE-2024-46721 CVE-2024-46754 CVE-2024-46765 CVE-2024-46766 CVE-2024-46770 CVE-2024-46775 CVE-2024-46777 CVE-2024-46788 CVE-2024-46797 CVE-2024-46800 CVE-2024-46802 CVE-2024-46803 CVE-2024-46804 CVE-2024-46805 CVE-2024-46806 CVE-2024-46807 CVE-2024-46809 CVE-2024-46810 CVE-2024-46811 CVE-2024-46812 CVE-2024-46813 CVE-2024-46814 CVE-2024-46815 CVE-2024-46816 CVE-2024-46817 CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46825 CVE-2024-46826 CVE-2024-46827 CVE-2024-46828 CVE-2024-46830 CVE-2024-46831 CVE-2024-46834 CVE-2024-46835 CVE-2024-46836 CVE-2024-46840 CVE-2024-46841 CVE-2024-46842 CVE-2024-46843 CVE-2024-46845 CVE-2024-46846 CVE-2024-46848 CVE-2024-46849 CVE-2024-46851 CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855 CVE-2024-46857 CVE-2024-46859 CVE-2024-46860 CVE-2024-46861 CVE-2024-46864 CVE-2024-46870 CVE-2024-46871 CVE-2024-47658 CVE-2024-47660 CVE-2024-47661 CVE-2024-47662 
CVE-2024-47663 CVE-2024-47664 CVE-2024-47665 CVE-2024-47666 CVE-2024-47667 CVE-2024-47668 CVE-2024-47669 CVE-2024-47670 CVE-2024-47671 CVE-2024-47672 CVE-2024-47673 CVE-2024-47674 CVE-2024-47675 CVE-2024-47679 CVE-2024-47681 CVE-2024-47682 CVE-2024-47684 CVE-2024-47685 CVE-2024-47686 CVE-2024-47687 CVE-2024-47688 CVE-2024-47692 CVE-2024-47693 CVE-2024-47695 CVE-2024-47696 CVE-2024-47697 CVE-2024-47698 CVE-2024-47699 CVE-2024-47701 CVE-2024-47702 CVE-2024-47703 CVE-2024-47704 CVE-2024-47705 CVE-2024-47706 CVE-2024-47707 CVE-2024-47709 CVE-2024-47710 CVE-2024-47712 CVE-2024-47713 CVE-2024-47714 CVE-2024-47715 CVE-2024-47718 CVE-2024-47719 CVE-2024-47720 CVE-2024-47723 CVE-2024-47727 CVE-2024-47728 CVE-2024-47730 CVE-2024-47731 CVE-2024-47732 CVE-2024-47735 CVE-2024-47737 CVE-2024-47738 CVE-2024-47739 CVE-2024-47741 CVE-2024-47742 CVE-2024-47743 CVE-2024-47744 CVE-2024-47745 CVE-2024-47747 CVE-2024-47748 CVE-2024-47749 CVE-2024-47750 CVE-2024-47751 CVE-2024-47752 CVE-2024-47753 CVE-2024-47754 CVE-2024-47756 CVE-2024-47757 CVE-2024-49850 CVE-2024-49851 CVE-2024-49852 CVE-2024-49853 CVE-2024-49855 CVE-2024-49858 CVE-2024-49860 CVE-2024-49861 CVE-2024-49862 CVE-2024-49863 CVE-2024-49864 CVE-2024-49866 CVE-2024-49867 CVE-2024-49868 CVE-2024-49870 CVE-2024-49871 CVE-2024-49874 CVE-2024-49875 CVE-2024-49877 CVE-2024-49878 CVE-2024-49879 CVE-2024-49881 CVE-2024-49882 CVE-2024-49883 CVE-2024-49884 CVE-2024-49886 CVE-2024-49888 CVE-2024-49890 CVE-2024-49891 CVE-2024-49892 CVE-2024-49894 CVE-2024-49895 CVE-2024-49896 CVE-2024-49897 CVE-2024-49898 CVE-2024-49899 CVE-2024-49900 CVE-2024-49901 CVE-2024-49902 CVE-2024-49903 CVE-2024-49905 CVE-2024-49906 CVE-2024-49907 CVE-2024-49908 CVE-2024-49909 CVE-2024-49911 CVE-2024-49912 CVE-2024-49913 CVE-2024-49914 CVE-2024-49917 CVE-2024-49918 CVE-2024-49919 CVE-2024-49920 CVE-2024-49921 CVE-2024-49922 CVE-2024-49923 CVE-2024-49925 CVE-2024-49928 CVE-2024-49929 CVE-2024-49930 CVE-2024-49931 CVE-2024-49933 CVE-2024-49934 CVE-2024-49935 
CVE-2024-49936 CVE-2024-49937 CVE-2024-49938 CVE-2024-49939 CVE-2024-49944 CVE-2024-49945 CVE-2024-49946 CVE-2024-49947 CVE-2024-49949 CVE-2024-49950 CVE-2024-49952 CVE-2024-49953 CVE-2024-49954 CVE-2024-49955 CVE-2024-49957 CVE-2024-49958 CVE-2024-49959 CVE-2024-49960 CVE-2024-49961 CVE-2024-49962 CVE-2024-49963 CVE-2024-49965 CVE-2024-49966 CVE-2024-49967 CVE-2024-49968 CVE-2024-49969 CVE-2024-49972 CVE-2024-49973 CVE-2024-49974 CVE-2024-49975 CVE-2024-49976 CVE-2024-49981 CVE-2024-49982 CVE-2024-49983 CVE-2024-49985 CVE-2024-49986 CVE-2024-49987 CVE-2024-49989 CVE-2024-49991 CVE-2024-49993 CVE-2024-49995 CVE-2024-49996 CVE-2024-50000 CVE-2024-50001 CVE-2024-50002 CVE-2024-50003 CVE-2024-50004 CVE-2024-50006 CVE-2024-50007 CVE-2024-50008 CVE-2024-50009 CVE-2024-50012 CVE-2024-50013 CVE-2024-50014 CVE-2024-50015 CVE-2024-50017 CVE-2024-50019 CVE-2024-50020 CVE-2024-50021 CVE-2024-50022 CVE-2024-50023 CVE-2024-50024 CVE-2024-50025 CVE-2024-50026 CVE-2024-50027 CVE-2024-50028 CVE-2024-50031 CVE-2024-50033 CVE-2024-50035 CVE-2024-50040 CVE-2024-50041 CVE-2024-50042 CVE-2024-50044 CVE-2024-50045 CVE-2024-50046 CVE-2024-50047 CVE-2024-50048 CVE-2024-50049 CVE-2024-50055 CVE-2024-50058 CVE-2024-50059 CVE-2024-50060 CVE-2024-50061 CVE-2024-50062 CVE-2024-50063 CVE-2024-50064 CVE-2024-50067 CVE-2024-50069 CVE-2024-50073 CVE-2024-50074 CVE-2024-50075 CVE-2024-50076 CVE-2024-50077 CVE-2024-50078 CVE-2024-50080 CVE-2024-50081 CVE-2024-50082 CVE-2024-50084 CVE-2024-50087 CVE-2024-50088 CVE-2024-50089 CVE-2024-50093 CVE-2024-50095 CVE-2024-50096 CVE-2024-50098 CVE-2024-50099 CVE-2024-50100 CVE-2024-50101 CVE-2024-50102 CVE-2024-50103 CVE-2024-50108 CVE-2024-50110 CVE-2024-50115 CVE-2024-50116 CVE-2024-50117 CVE-2024-50121 CVE-2024-50124 CVE-2024-50125 CVE-2024-50127 CVE-2024-50128 CVE-2024-50130 CVE-2024-50131 CVE-2024-50134 CVE-2024-50135 CVE-2024-50136 CVE-2024-50138 CVE-2024-50139 CVE-2024-50141 CVE-2024-50145 CVE-2024-50146 CVE-2024-50147 CVE-2024-50148 CVE-2024-50150 
CVE-2024-50153 CVE-2024-50154 CVE-2024-50155 CVE-2024-50156 CVE-2024-50157 CVE-2024-50158 CVE-2024-50159 CVE-2024-50160 CVE-2024-50166 CVE-2024-50167 CVE-2024-50169 CVE-2024-50171 CVE-2024-50172 CVE-2024-50175 CVE-2024-50176 CVE-2024-50177 CVE-2024-50179 CVE-2024-50180 CVE-2024-50181 CVE-2024-50182 CVE-2024-50183 CVE-2024-50184 CVE-2024-50186 CVE-2024-50187 CVE-2024-50188 CVE-2024-50189 CVE-2024-50192 CVE-2024-50194 CVE-2024-50195 CVE-2024-50196 CVE-2024-50198 CVE-2024-50200 CVE-2024-50201 CVE-2024-50205 CVE-2024-50208 CVE-2024-50209 CVE-2024-50210 CVE-2024-50215 CVE-2024-50216 CVE-2024-50218 CVE-2024-50221 CVE-2024-50224 CVE-2024-50225 CVE-2024-50228 CVE-2024-50229 CVE-2024-50230 CVE-2024-50231 CVE-2024-50232 CVE-2024-50233 CVE-2024-50234 CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50240 CVE-2024-50245 CVE-2024-50246 CVE-2024-50248 CVE-2024-50249 CVE-2024-50250 CVE-2024-50252 CVE-2024-50255 CVE-2024-50257 CVE-2024-50261 CVE-2024-50264 CVE-2024-50265 CVE-2024-50267 CVE-2024-50268 CVE-2024-50269 CVE-2024-50271 CVE-2024-50273 CVE-2024-50274 CVE-2024-50275 CVE-2024-50276 CVE-2024-50279 CVE-2024-50282 CVE-2024-50287 CVE-2024-50289 CVE-2024-50290 CVE-2024-50292 CVE-2024-50295 CVE-2024-50296 CVE-2024-50298 CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043 CVE-2024-53045 CVE-2024-53048 CVE-2024-53051 CVE-2024-53052 CVE-2024-53055 CVE-2024-53056 CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53068 CVE-2024-53072 CVE-2024-53074 CVE-2024-53076 CVE-2024-53079 CVE-2024-53081 CVE-2024-53082 CVE-2024-53085 CVE-2024-53088 CVE-2024-53093 CVE-2024-53094 CVE-2024-53095 CVE-2024-53096 CVE-2024-53100 CVE-2024-53101 CVE-2024-53104 CVE-2024-53106 CVE-2024-53108 CVE-2024-53110 CVE-2024-53112 CVE-2024-53114 CVE-2024-53121 CVE-2024-53138 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-1 Released: Fri Jan 31 13:18:46 2025 Summary: Security update for the Linux Kernel Type: security Severity: important The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355). 
- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587). - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590). - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656). - CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733). - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725). - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730). - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742). - CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813). - CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764). - CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130). - CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748). - CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842). - CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430). - CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620). - CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132). - CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179). - CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). 
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456). - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550). - CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557). - CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558). - CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710). - CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801). - CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807). - CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762). - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). - CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774). - CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115). - CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117). - CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096). - CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105). - CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094). - CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085). 
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087). - CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435). - CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436). - CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439). - CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode() and iput() (bsc#1231930). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998). - CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003). - CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857). - CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920). - CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946). - CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944). - CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935). - CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049). - CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116). - CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075). - CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117). - CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124). 
- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).
- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).
- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).
- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).
- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).
- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367).
- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).
- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).
- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).
- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).
- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).
- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).
- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).
- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
- CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).

The following non-security bugs were fixed:

- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).
- ACPI: battery: Simplify battery hook locking (stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).
- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).
- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: Reorganize kerneldoc parameter names (stable-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).
- ALSA: hda/conexant: fix some typos (stable-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).
- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).
- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).
- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).
- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).
- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).
- ALSA: hda: Show the codec quirk info at probing (stable-fixes).
- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).
- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: line6: update contact information (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).
- ALSA: silence integer wrapping warning (stable-fixes).
- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).
- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).
- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).
- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).
- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).
- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).
- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).
- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).
- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).
- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).
- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).
- ASoC: SOF: Wire up buffer flags (bsc#1233305).
- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).
- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).
- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).
- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).
- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).
- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).
- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).
- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).
- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).
- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).
- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).
- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).
- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).
- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).
- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305).
- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).
- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).
- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).
- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).
- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).
- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).
- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).
- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).
- ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes).
- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- Documentation: kgdb: Correct parameter error (git-fixes).
- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- HID: multitouch: Add support for B2402FVA track point (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- HID: wacom: fix when get product name maybe null pointer (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).
- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).
- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).
- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).
- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).
- Input: xpad - add support for MSI Claw A1M (git-fixes).
- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).
- Input: xpad - fix support for some third-party controllers (git-fixes).
- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).
- Input: xpad - spelling fixes for 'Xbox' (git-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199).
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).
- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).
- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).
- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).
- KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).
- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).
- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).
- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).
- KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes).
- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).
- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).
- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).
- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFS: remove revoked delegation from server's delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache 'down' if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- PCI: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).
- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).
- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).
- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).
- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).
- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)
- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)
- RDMA/bnxt_re: Fix out of bound check (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Add mutex_destroy() (git-fixes)
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- RDMA/hns: Use macro instead of magic number (git-fixes)
- RDMA/irdma: Fix misspelling of 'accept*' (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: Remove BUG_ON call sites (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (git-fixes).
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- USB: gadget: dummy-hcd: Fix 'task hung' problem (git-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).
- USB: misc: yurex: fix race between read and write (git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- accel/qaic: Fix the for loop used to walk SG table (git-fixes).
- accel: Use XArray instead of IDR for minors (jsc#PED-11580).
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- apparmor: fix 'Do simple duplicate message elimination' (git-fixes).
- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).
- apparmor: use kvfree_sensitive to free data->data (git-fixes).
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)
- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)
- arm64: dts: imx93: add nvmem property for eqos (git-fixes)
- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)
- arm64: dts: imx93: add ocotp node (git-fixes)
- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)
- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)
- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)
- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes)
- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)
- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)
- arm64: dts: rockchip: remove num-slots property from (git-fixes)
- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)
- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).
- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).
- audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes).
- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).
- block: print symbolic error name instead of error code (bsc#1231872).
- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).
- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).
- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)
- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix error message on kfunc arg type mismatch (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).
- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)
- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).
- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).
- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231384).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).
- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).
- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).
- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).
- clk: imx: fracn-gppll: fix pll power up (git-fixes).
- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).
- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).
- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- config s390x: build ultravisor userspace access into the kernel (bsc#1232090)
- config.sh: Remove Arm build project, we do not build armv7 configs
- config: Disable LAM on x86 (bsc#1217845)
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).
- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).
- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: octeontx - Fix authenc setkey (stable-fixes).
- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).
- crypto: octeontx2 - Fix authenc setkey (stable-fixes).
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).
- crypto: qat - remove check after debugfs_create_dir() (git-fixes).
- crypto: qat - remove faulty arbiter config reset (git-fixes).
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).
- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- devlink: Fix command annotation documentation (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dma-fence: Use kernel's sort for merging fences (git-fixes).
- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).
- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).
- doc: rcu: update printed dynticks counter bits (git-fixes).
- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).
- drm/amd/display: Add disable timeout option (bsc#1231435)
- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).
- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes).
- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).
- drm/amd/display: Revert 'Check HDCP returned status' (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).
- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).
- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).
- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).
- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).
- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).
- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).
- drm/i915/hdcp: fix connector refcounting (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).
- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).
- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).
- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm: Fix some typos in comment (git-fixes).
- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).
- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).
- drm: Use XArray instead of IDR for minors (jsc#PED-11580).
- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).
- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).
- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).
- e1000e: change I219 (19) devices to ADP (git-fixes).
- e1000e: fix force smbus during suspend flow (git-fixes).
- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).
- efi/libstub: Free correct pointer on failure (git-fixes).
- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).
- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).
- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).
- ext4: fix possible tid_t sequence overflows (bsc#1231634).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).
- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).
- fat: fix uninitialized variable (git-fixes).
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224088).
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).
- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).
- gpio: zevio: Add missed label initialisation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (max16065) Fix alarm attributes (git-fixes).
- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).
- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).
- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).
- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).
- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).
- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).
- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).
- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).
- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: i801: add helper i801_restore_regs (git-fixes).
- i2c: ismt: kill transaction in hardware on timeout (git-fixes).
- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).
- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).
- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).
- i2c: omap: wakeup the controller during suspend() callback (git-fixes).
- i2c: rcar: properly format a debug output (git-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).
- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).
- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: fix race condition by adding filter's intermediate sync state (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).
- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix package download algorithm (git-fixes).
- ice: Fix recipe read procedure (git-fixes).
- ice: Fix reset handler (git-fixes).
- ice: Flush FDB entries before reset (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).
- ice: Reject pin requests with unsupported flags (git-fixes).
- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).
- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).
- ice: clear port vlan config during reset (git-fixes).
- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).
- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).
- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).
- ice: fix 200G PHY types to link speed mapping (git-fixes).
- ice: fix 200G link speed message log (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix VSI lists confusion when adding VLANs (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).
- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).
- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).
- ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes).
- ice: implement AQ download pkg retry (git-fixes).
- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).
- ice: remove af_xdp_zc_qps bitmap (git-fixes).
- ice: replace synchronize_rcu with synchronize_net (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: set correct dst VSI in only LAN filters (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: tc: check src_vsi in case of traffic from VF (git-fixes).
- ice: use proper macro for testing bit (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- ieee802154: Fix build error (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Disable threaded IRQ for igb_msix_other (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).
- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).
- igc: Fix qbv_config_change_errors logics (git-fixes).
- igc: Fix reset adapter logics when tx mode change (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).
- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).
- iio: accel: kx022a: Fix raw read format (git-fixes).
- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).
- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).
- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts: Fix uninitialized symbol 'ret' (git-fixes).
- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes).
- iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes).
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- intel_idle: add Granite Rapids Xeon support (bsc#1231630).
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).
- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).
- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).
- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).
- io_uring/net: harden multishot termination case for recv (git-fixes).
- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).
- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).
- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).
- io_uring/sqpoll: do not put cpumask on stack (git-fixes).
- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).
- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).
- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).
- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).
- iommu/amd: Fix typo of , instead of ; (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).
- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).
- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).
- jbd2: avoid infinite transaction commit loop (bsc#1234039).
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).
- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).
- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).
- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).
- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).
- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jump_label: Fix static_key_slow_dec() yet again (git-fixes).
- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- kABI workaround for ASoC SOF (bsc#1233305).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).
- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).
- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).
- kasan: move checks to do_strncpy_from_user (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kconfig: qconf: fix buffer overflow in debug links (git-fixes).
- kernel-binary: Enable livepatch package only when livepatch is enabled
  Otherwise the filelist may be empty failing the build (bsc#1218644).
- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).
- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).
- keys: Fix overwrite of key expiration on instantiation (git-fixes).
- kthread: unpark only parked kthread (git-fixes).
- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).
- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).
- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- macsec: do not increment counters for an unrelated SA (git-fixes).
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).
- maple_tree: correct tree corruption on spanning store (git-fixes).
- maple_tree: fix alloc node fail issue (git-fixes).
- maple_tree: refine mas_store_root() on storing NULL (git-fixes).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: amphion: Set video drvdata before register video device (git-fixes).
- media: ar0521: do not overflow when checking PLL values (git-fixes).
- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).
- media: bttv: use audio defaults for winfast2000 (git-fixes).
- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).
- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: i2c: imx335: Enable regulator supplies (stable-fixes).
- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).
- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).
- media: imx-jpeg: Set video drvdata before register video device (git-fixes).
- media: imx335: Fix reset-gpio handling (git-fixes).
- media: mantis: remove orphan mantis_core.h (git-fixes).
- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).
- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).
- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: s5p-jpeg: prevent buffer overflows (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).
- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).
- media: uvcvideo: Stop stream during unregister (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: vb2: Fix comment (git-fixes).
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes).
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).
- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).
- minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mlx5: avoid truncating error message (git-fixes).
- mlx5: stop warning for 64KB pages (git-fixes).
- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).
- mm/filemap: optimize filemap folio adding (bsc#1231617).
- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).
- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).
- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).
- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).
- mm: refactor map_deny_write_exec() (git-fixes).
- mm: resolve faulty mmap_region() error path behaviour (git-fixes).
- mm: unconditionally close VMAs on error (git-fixes).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- mmc: mmc_spi: drop buggy snprintf() (git-fixes).
- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).
- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).
- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Check capability for fw_reset (git-fixes).
- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix command bitmask initialization (git-fixes).
- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: mdio-ipq4019: add missing error check (git-fixes).
- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).
- net: phy: bcm84881: Fix some error handling paths (git-fixes).
- net: phy: dp83822: Fix reset pin definitions (git-fixes).
- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes).
- net: qede: use return from qede_parse_actions() (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)
- net: sysfs: Fix /sys/class/net/<iface> path for statistics (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (get-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).
- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).
- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).
- netdevsim: copy addresses for both in and out paths (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).
- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).
- nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes).
- nouveau: fw: sync dma after setup is called (git-fixes).
- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).
- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: set doorbell config before unquiescing (git-fixes).
- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).
- nvme: null terminate nvme_tls_attrs (git-fixes).
- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).
- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- ocfs2: uncache inode which has failed entering the group (git-fixes).
- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)
- parport: Proper fix for array out-of-bounds access (git-fixes).
- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).
- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).
- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).
- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).
- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).
- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).
- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).
- pinctrl: zynqmp: drop excess struct member description (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).
- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).
- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).
- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).
- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).
- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).
- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- printk: Add notation to console_srcu locking (bsc#1232183).
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
  They depend on SHADOW_CALL_STACK.
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list
  Symbols.list is no longer needed by the new klp-convert implementation. (bsc#1218644)
- rpmsg: glink: Handle rejected intent request better (git-fixes).
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: bbnsm: add remove hook (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- runtime constants: add default dummy infrastructure (git-fixes).
- runtime constants: add x86 architecture support (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).
- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).
- scsi: Remove scsi device no_start_on_resume flag (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).
- scsi: core: Disable CDL by default (git-fixes).
- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).
- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpi3mr: Validate SAS port assignments (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).
- scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).
- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).
- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).
- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).
- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).
- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).
- srcu: Fix callbacks acceleration mishandling (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- sumversion: Fix a memory leak in get_src_version() (git-fixes).
- supported.conf: mark nhpoly1305 module as supported (bsc#1231035)
- supported.conf: mark ultravisor userspace access as supported (bsc#1232090)
- task_work: add kerneldoc annotation for 'data' argument (git-fixes).
- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).
- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).
- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).
- tools/power turbostat: Fix trailing '\n' parsing (git-fixes).
- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).
- tools: hv: rm .*.cmd when make clean (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tpm: fix signed/unsigned bug when checking event logs (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).
- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes). - tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes). - tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes). - tracing/timerlat: Add user-space interface (git-fixes). - tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes). - tracing/timerlat: Fix a race during cpuhp processing (git-fixes). - tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes). - tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes). - tracing/timerlat: Only clear timer if a kthread exists (git-fixes). - tracing: Consider the NULL character when validating the event length (git-fixes). - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes). - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes). - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes). - ubifs: Fix adding orphan entry twice for the same inode (git-fixes). - ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes). - ubifs: add check for crypto_shash_tfm_digest (git-fixes). - ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes). - ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460). - unicode: Do not special case ignorable code points (stable-fixes). - unicode: Fix utf8_load() error path (git-fixes). - uprobe: avoid out-of-bounds memory access of fetching args (git-fixes). - uprobes: encapsulate preparation of uprobe args buffer (git-fixes). - uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114). - uprobes: turn xol_area->pages into xol_area->page (bsc#1231114). - usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes). - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes). 
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes). - usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes). - usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes). - usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes). - usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes). - usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes). - usb: gadget: core: force synchronous registration (git-fixes). - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes). - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes). - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes). - usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes). - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes). - usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes). - usb: musb: sunxi: Fix accessing an released usb phy (git-fixes). - usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes). - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes). - usb: typec: altmode should keep reference to parent (git-fixes). - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes). - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes). - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes). - usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes). - usb: xhci: Fix problem with xhci resume from suspend (stable-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - usb: yurex: make waiting on yurex_write interruptible (git-fixes). 
- usbip: tools: Fix detach_port() invalid port error path (git-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes). - vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes). - vdpa_sim_blk: allocate the buffer zeroed (git-fixes). - vduse: avoid using __GFP_NOFAIL (git-fixes). - vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes). - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes). - vhost_vdpa: assign irq bypass producer token correctly (git-fixes). - virtio_console: fix misc probe bugs (git-fixes). - vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978). - vmxnet3: Add XDP support (bsc#1226498). - vmxnet3: Fix missing reserved tailroom (bsc#1226498). - vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498). - vmxnet3: add command to allow disabling of offloads (bsc#1226498). - vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498). - vmxnet3: prepare for version 9 changes (bsc#1226498). - vmxnet3: update to version 9 (bsc#1226498). - vsock: Update msg_count on read_skb() (git-fixes). - vt: prevent kernel-infoleak in con_font_get() (git-fixes). - watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes). - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes). - watchdog: rti: of: honor timeout-sec property (git-fixes). - wifi: ath10k: Fix memory leak in management tx (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes). - wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes). - wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes). - wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes). 
- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes). - wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath12k: fix crash when unbinding (git-fixes). - wifi: ath12k: fix warning when unbinding (git-fixes). - wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes). - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes). - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes). - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes). - wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes). - wifi: brcmfmac: release 'root' node in all execution paths (git-fixes). - wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes). - wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes). - wifi: iwlegacy: Fix 'field-spanning write' warning in il_enqueue_hcmd() (git-fixes). - wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes). - wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes). - wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes). - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes). - wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes). - wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes). - wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes). - wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes). - wifi: iwlwifi: mvm: use correct key iteration (stable-fixes). - wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes). - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes). - wifi: mac80211: fix RCU list iterations (stable-fixes). 
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes). - wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes). - wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes). - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes). - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes). - wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes). - wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes). - wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes). - wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes). - wifi: rtw89: correct base HT rate mask for firmware (stable-fixes). - wifi: wfx: Fix error handling in wfx_core_init() (git-fixes). - x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443). - x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes). - x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes). - x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes). - x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes). - x86/apic: Make x2apic_disable() work correctly (git-fixes). - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes). - x86/bugs: Skip RSB fill at VMEXIT (git-fixes). - x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes). - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes). 
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes). - x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes). - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes). - x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes). - x86/mm: Use IPIs to synchronize LAM enablement (git-fixes). - x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes). - x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes). - x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes). - x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes). - x86/tdx: Enable CPU topology enumeration (git-fixes). - x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes). - x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes). - x86/traps: move kmsan check after instrumentation_begin (git-fixes). - x86: Increase brk randomness entropy for 64-bit systems (git-fixes). - x86: do the user address masking outside the user access area (git-fixes). - x86: fix off-by-one in access_ok() (git-fixes). - x86: fix user address masking non-canonical speculation issue (git-fixes). - x86: make the masked_user_access_begin() macro use its argument only once (git-fixes). - x86: support user address masking instead of non-speculative conditional (git-fixes). - xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754). - xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754). - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes). - xfs: check shortform attr entry flags specifically (git-fixes). - xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes). 
- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).
- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).
- xfs: make sure sb_fdblocks is non-negative (git-fixes).
- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).
- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).
- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).
- xfs: validate recovered name buffers when recovering xattr items (git-fixes).
- xhci: Add a quirk for writing ERST in high-low order (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
- xhci: tegra: fix checked USB2 port number (git-fixes).
- zonefs: Improve error handling (git-fixes).

The following package changes have been done:

- kernel-default-base-6.4.0-24.1.21.4 updated

From sle-container-updates at lists.suse.com Wed Feb 19 08:16:48 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 19 Feb 2025 09:16:48 +0100 (CET)
Subject: SUSE-CU-2025:1085-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20250219081648.64797FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1085-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.105 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.105
Severity : important
Type : security
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:499-1
Released: Thu Feb 13 09:14:42 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703).
- CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698).
- CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696).
- CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694).
- CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688).
- CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685).
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683).
- CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680).
- CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262).
- CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260).
- CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198).
- CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163).
- CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161).
- CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160).
- CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145).
- CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144).
- CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143).
- CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106).
- CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247).
- CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182).
- CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178).
- CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190).
- CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192).
- CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096).
- CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127).
- CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967).
- CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965).
- CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964).
- CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948).
- CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914).
- CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946).
- CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798).
- CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793).
- CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779).
- CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941).
- CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940).
- CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906).
- CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657).
- CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653).
- CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627).
- CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934).
- CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503).
- CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656).
- CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583).
- CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582).
- CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578).
- CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587).
- CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612).
- CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565).
- CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564).
- CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412).
- CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418).
- CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498).
- CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555).
- CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437).
- CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132).
- CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526).
- CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523).
- CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520).
- CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251).
- CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227).
- CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429).
- CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426).
- CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424).
- CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391).
- CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390).
- CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487).
- CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244).
- CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241).
- CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031).
- CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032).
- CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753).
- CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745).
- CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737).
- CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720).
- CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000).
- CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050).
- CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011).
- CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001).
- CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923).
- CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906).
- CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957).
- CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947).
- CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901).
- CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893).
- CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898).
- CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638).
- CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522).
- CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-26810: vfio/pci: Lock external INTx masking ops (bsc#1222803). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).

The following non-security bugs were fixed:

- ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes).
- ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). 
- Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). 
- NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). 
- RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). 
- afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). 
- cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). 
- crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - devcoredump: cleanup some comments (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). 
- drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). 
- drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). 
- iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - intel_th: core: fix kernel-doc warnings (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). 
- ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). 
- media: ov08x40: Fix hblank out of range issue (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Drop uvcvideo fix due to regression (bsc#1235894) - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). 
- mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). 
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: temporarily disable upstream patch (bsc#1236138) - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). 
- powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). 
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). 
- stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). 
- usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). 
- watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). 
- wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:500-1
Released: Thu Feb 13 09:26:54 2025
Summary: Recommended update for mdadm
Type: recommended
Severity: moderate
References: 1233265

This update for mdadm fixes the following issue:

- mdopen: add /sbin to PATH when call system('modprobe md_mod') (bsc#1233265).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:501-1
Released: Thu Feb 13 10:53:21 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1236960

This update for permissions fixes the following issues:

- Version update 20240826.
- Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472

This update for findutils fixes the following issue:

- fix crash when file system loop was encountered (bsc#1231472).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:515-1
Released: Thu Feb 13 12:58:42 2025
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1228086,1231792,1235912

This update for dracut fixes the following issue:

- Version update 059+suse.552.g232957b4
- fixes related to getting live image size (bsc#1235912).
- fixes for booting from iSCSI offload with bnx2i (bsc#1228086).
- rework timeout for devices added via --mount and --add-device (bsc#1231792).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released: Fri Feb 14 08:26:30 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1229228,1233752,1234313,1234765

This update for systemd fixes the following issues:

- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765)
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133

This update for libtasn1 fixes the following issues:

- CVE-2024-12133: the processing of input DER data containing a large number
  of SEQUENCE OF or SET OF elements takes quadratic time to complete.
  (bsc#1236878)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395

This update for glibc fixes the following issues:

- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:585-1
Released: Tue Feb 18 17:42:14 2025
Summary: Security update for openssh
Type: security
Severity: moderate
References: 1237040,1237041,CVE-2025-26465,CVE-2025-26466

This update for openssh fixes the following issues:

- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
- CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041).

The following package changes have been done:

- dracut-059+suse.552.g232957b4-150600.3.17.2 updated
- findutils-4.8.0-150300.3.3.2 updated
- glibc-locale-base-2.38-150600.14.23.1 updated
- glibc-2.38-150600.14.23.1 updated
- kernel-default-6.4.0-150600.23.38.1 updated
- libsystemd0-254.23-150600.4.25.1 updated
- libtasn1-6-4.13-150000.4.11.1 updated
- libtasn1-4.13-150000.4.11.1 updated
- libudev1-254.23-150600.4.25.1 updated
- mdadm-4.3-150600.3.9.2 updated
- openssh-clients-9.6p1-150600.6.15.2 updated
- openssh-common-9.6p1-150600.6.15.2 updated
- openssh-server-9.6p1-150600.6.15.2 updated
- openssh-9.6p1-150600.6.15.2 updated
- permissions-20240826-150600.10.18.2 updated
- systemd-254.23-150600.4.25.1 updated
- udev-254.23-150600.4.25.1 updated

From sle-container-updates at lists.suse.com Sat Feb 1 08:04:29 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 01 Feb 2025 08:04:29 -0000
Subject: SUSE-IU-2025:464-1: Security update of suse/sl-micro/6.1/kvm-os-container
Message-ID: <20250201080428.31746FBA0@maintenance.suse.de>

SUSE Image Update Advisory:
suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:464-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-3.24 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 3.24 Severity : important Type : security References : 1012628 1065729 1082555 1194869 1215199 1217845 1218562 1218644 1219596 1219803 1220355 1220382 1221309 1222423 1222587 1222590 1223112 1223384 1223656 1223700 1223733 1223824 1223848 1224088 1224429 1224518 1224548 1224574 1224948 1225611 1225713 1225725 1225730 1225742 1225764 1225768 1225813 1225903 1226003 1226130 1226498 1226623 1226631 1226748 1226797 1226848 1226872 1227726 1227842 1228119 1228244 1228269 1228410 1228430 1228454 1228537 1228620 1228743 1228747 1228850 1228857 1229019 1229165 1229429 1229450 1229585 1229677 1229769 1229808 1229891 1230055 1230132 1230179 1230220 1230231 1230289 1230295 1230339 1230341 1230375 1230414 1230429 1230456 1230501 1230527 1230550 1230557 1230558 1230600 1230620 1230710 1230733 1230762 1230763 1230773 1230774 1230801 1230807 1230817 1230827 1230831 1230914 1230918 1230971 1231016 1231035 1231072 1231073 1231075 1231076 1231081 1231082 1231083 1231084 1231085 1231087 1231089 1231092 1231093 1231094 1231096 1231098 1231100 1231101 1231102 1231105 1231108 1231111 1231114 1231115 1231116 1231117 1231131 1231132 1231135 1231136 1231138 1231148 1231169 1231170 1231171 1231178 1231179 1231182 1231183 1231187 1231191 1231193 1231195 1231197 1231200 1231202 1231203 1231276 1231293 1231384 1231434 1231435 1231436 1231439 1231440 1231441 1231442 1231452 1231453 1231465 1231474 1231481 1231496 1231502 1231537 1231539 1231540 1231541 1231617 1231630 1231634 1231635 1231636 1231637 1231638 1231639 1231640 1231673 1231828 1231849 1231855 1231856 1231857 1231858 1231859 1231860 1231861 1231864 1231865 1231868 1231869 1231871 1231872 1231901 1231902 1231903 1231904 1231906 1231907 
1231908 1231914 1231916 1231920 1231924 1231926 1231930 1231931 1231935 1231942 1231944 1231946 1231947 1231950 1231951 1231952 1231953 1231954 1231955 1231956 1231957 1231965 1231967 1231968 1231987 1231988 1231989 1231990 1231998 1232000 1232003 1232009 1232013 1232015 1232016 1232017 1232018 1232033 1232034 1232036 1232043 1232047 1232048 1232049 1232050 1232056 1232075 1232076 1232079 1232080 1232083 1232084 1232085 1232089 1232090 1232093 1232094 1232096 1232097 1232098 1232103 1232104 1232105 1232109 1232111 1232114 1232116 1232117 1232124 1232126 1232127 1232129 1232130 1232131 1232132 1232134 1232135 1232140 1232141 1232142 1232145 1232147 1232148 1232149 1232151 1232152 1232154 1232155 1232156 1232157 1232159 1232160 1232162 1232164 1232165 1232166 1232174 1232180 1232182 1232183 1232185 1232187 1232189 1232192 1232195 1232196 1232198 1232199 1232200 1232201 1232207 1232208 1232217 1232218 1232220 1232221 1232222 1232224 1232232 1232250 1232251 1232253 1232254 1232255 1232256 1232258 1232259 1232260 1232262 1232263 1232264 1232272 1232275 1232279 1232282 1232285 1232287 1232295 1232305 1232307 1232309 1232310 1232312 1232313 1232314 1232315 1232316 1232317 1232318 1232329 1232332 1232333 1232334 1232335 1232337 1232339 1232340 1232342 1232345 1232349 1232352 1232354 1232355 1232357 1232358 1232359 1232361 1232362 1232366 1232367 1232368 1232369 1232370 1232371 1232374 1232378 1232381 1232383 1232385 1232386 1232387 1232392 1232394 1232395 1232396 1232413 1232416 1232417 1232418 1232424 1232427 1232432 1232435 1232436 1232442 1232446 1232483 1232494 1232498 1232499 1232500 1232501 1232502 1232503 1232504 1232505 1232506 1232507 1232511 1232519 1232520 1232529 1232552 1232623 1232626 1232627 1232628 1232629 1232704 1232757 1232768 1232819 1232823 1232860 1232869 1232870 1232873 1232876 1232877 1232878 1232880 1232881 1232884 1232885 1232887 1232888 1232890 1232892 1232894 1232896 1232897 1232905 1232907 1232914 1232919 1232925 1232926 1232928 1232935 1233029 
1233032 1233035 1233036 1233041 1233044 1233049 1233050 1233051 1233056 1233057 1233061 1233062 1233063 1233065 1233067 1233070 1233073 1233074 1233088 1233091 1233092 1233097 1233100 1233103 1233104 1233105 1233106 1233107 1233108 1233110 1233111 1233113 1233114 1233115 1233117 1233119 1233123 1233125 1233127 1233129 1233130 1233132 1233135 1233176 1233179 1233185 1233188 1233189 1233191 1233193 1233197 1233201 1233203 1233204 1233205 1233206 1233207 1233208 1233209 1233210 1233211 1233212 1233216 1233217 1233219 1233226 1233238 1233241 1233244 1233253 1233255 1233293 1233298 1233305 1233320 1233350 1233443 1233452 1233453 1233454 1233456 1233457 1233458 1233460 1233462 1233463 1233464 1233465 1233468 1233471 1233476 1233478 1233479 1233481 1233484 1233485 1233487 1233490 1233491 1233523 1233524 1233540 1233547 1233548 1233550 1233552 1233553 1233554 1233555 1233557 1233560 1233561 1233564 1233566 1233567 1233568 1233570 1233572 1233573 1233577 1233580 1233640 1233641 1233642 1233721 1233754 1233756 1233769 1233771 1233977 1234009 1234011 1234012 1234025 1234039 1234040 1234041 1234042 1234043 1234044 1234045 1234046 1234072 1234078 1234081 1234083 1234085 1234087 1234093 1234098 1234108 1234121 1234223 CVE-2023-52766 CVE-2023-52778 CVE-2023-52800 CVE-2023-52881 CVE-2023-52917 CVE-2023-52918 CVE-2023-52919 CVE-2023-52920 CVE-2023-52921 CVE-2023-52922 CVE-2023-6270 CVE-2024-26596 CVE-2024-26703 CVE-2024-26741 CVE-2024-26758 CVE-2024-26761 CVE-2024-26767 CVE-2024-26782 CVE-2024-26864 CVE-2024-26943 CVE-2024-26953 CVE-2024-27017 CVE-2024-27026 CVE-2024-27043 CVE-2024-27407 CVE-2024-35888 CVE-2024-35980 CVE-2024-36000 CVE-2024-36031 CVE-2024-36244 CVE-2024-36484 CVE-2024-36883 CVE-2024-36886 CVE-2024-36905 CVE-2024-36920 CVE-2024-36927 CVE-2024-36954 CVE-2024-36968 CVE-2024-38576 CVE-2024-38577 CVE-2024-38589 CVE-2024-38599 CVE-2024-40914 CVE-2024-41016 CVE-2024-41023 CVE-2024-41031 CVE-2024-41047 CVE-2024-41082 CVE-2024-42102 CVE-2024-42145 CVE-2024-44932 
CVE-2024-44958 CVE-2024-44964 CVE-2024-44995 CVE-2024-45016 CVE-2024-45025 CVE-2024-46678 CVE-2024-46680 CVE-2024-46681 CVE-2024-46721 CVE-2024-46754 CVE-2024-46765 CVE-2024-46766 CVE-2024-46770 CVE-2024-46775 CVE-2024-46777 CVE-2024-46788 CVE-2024-46797 CVE-2024-46800 CVE-2024-46802 CVE-2024-46803 CVE-2024-46804 CVE-2024-46805 CVE-2024-46806 CVE-2024-46807 CVE-2024-46809 CVE-2024-46810 CVE-2024-46811 CVE-2024-46812 CVE-2024-46813 CVE-2024-46814 CVE-2024-46815 CVE-2024-46816 CVE-2024-46817 CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46825 CVE-2024-46826 CVE-2024-46827 CVE-2024-46828 CVE-2024-46830 CVE-2024-46831 CVE-2024-46834 CVE-2024-46835 CVE-2024-46836 CVE-2024-46840 CVE-2024-46841 CVE-2024-46842 CVE-2024-46843 CVE-2024-46845 CVE-2024-46846 CVE-2024-46848 CVE-2024-46849 CVE-2024-46851 CVE-2024-46852 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855 CVE-2024-46857 CVE-2024-46859 CVE-2024-46860 CVE-2024-46861 CVE-2024-46864 CVE-2024-46870 CVE-2024-46871 CVE-2024-47658 CVE-2024-47660 CVE-2024-47661 CVE-2024-47662 CVE-2024-47663 CVE-2024-47664 CVE-2024-47665 CVE-2024-47666 CVE-2024-47667 CVE-2024-47668 CVE-2024-47669 CVE-2024-47670 CVE-2024-47671 CVE-2024-47672 CVE-2024-47673 CVE-2024-47674 CVE-2024-47675 CVE-2024-47679 CVE-2024-47681 CVE-2024-47682 CVE-2024-47684 CVE-2024-47685 CVE-2024-47686 CVE-2024-47687 CVE-2024-47688 CVE-2024-47692 CVE-2024-47693 CVE-2024-47695 CVE-2024-47696 CVE-2024-47697 CVE-2024-47698 CVE-2024-47699 CVE-2024-47701 CVE-2024-47702 CVE-2024-47703 CVE-2024-47704 CVE-2024-47705 CVE-2024-47706 CVE-2024-47707 CVE-2024-47709 CVE-2024-47710 CVE-2024-47712 CVE-2024-47713 CVE-2024-47714 CVE-2024-47715 CVE-2024-47718 CVE-2024-47719 CVE-2024-47720 CVE-2024-47723 CVE-2024-47727 CVE-2024-47728 CVE-2024-47730 CVE-2024-47731 CVE-2024-47732 CVE-2024-47735 CVE-2024-47737 CVE-2024-47738 CVE-2024-47739 CVE-2024-47741 CVE-2024-47742 CVE-2024-47743 CVE-2024-47744 CVE-2024-47745 CVE-2024-47747 CVE-2024-47748 CVE-2024-47749 CVE-2024-47750 CVE-2024-47751 
CVE-2024-47752 CVE-2024-47753 CVE-2024-47754 CVE-2024-47756 CVE-2024-47757 CVE-2024-49850 CVE-2024-49851 CVE-2024-49852 CVE-2024-49853 CVE-2024-49855 CVE-2024-49858 CVE-2024-49860 CVE-2024-49861 CVE-2024-49862 CVE-2024-49863 CVE-2024-49864 CVE-2024-49866 CVE-2024-49867 CVE-2024-49868 CVE-2024-49870 CVE-2024-49871 CVE-2024-49874 CVE-2024-49875 CVE-2024-49877 CVE-2024-49878 CVE-2024-49879 CVE-2024-49881 CVE-2024-49882 CVE-2024-49883 CVE-2024-49884 CVE-2024-49886 CVE-2024-49888 CVE-2024-49890 CVE-2024-49891 CVE-2024-49892 CVE-2024-49894 CVE-2024-49895 CVE-2024-49896 CVE-2024-49897 CVE-2024-49898 CVE-2024-49899 CVE-2024-49900 CVE-2024-49901 CVE-2024-49902 CVE-2024-49903 CVE-2024-49905 CVE-2024-49906 CVE-2024-49907 CVE-2024-49908 CVE-2024-49909 CVE-2024-49911 CVE-2024-49912 CVE-2024-49913 CVE-2024-49914 CVE-2024-49917 CVE-2024-49918 CVE-2024-49919 CVE-2024-49920 CVE-2024-49921 CVE-2024-49922 CVE-2024-49923 CVE-2024-49925 CVE-2024-49928 CVE-2024-49929 CVE-2024-49930 CVE-2024-49931 CVE-2024-49933 CVE-2024-49934 CVE-2024-49935 CVE-2024-49936 CVE-2024-49937 CVE-2024-49938 CVE-2024-49939 CVE-2024-49944 CVE-2024-49945 CVE-2024-49946 CVE-2024-49947 CVE-2024-49949 CVE-2024-49950 CVE-2024-49952 CVE-2024-49953 CVE-2024-49954 CVE-2024-49955 CVE-2024-49957 CVE-2024-49958 CVE-2024-49959 CVE-2024-49960 CVE-2024-49961 CVE-2024-49962 CVE-2024-49963 CVE-2024-49965 CVE-2024-49966 CVE-2024-49967 CVE-2024-49968 CVE-2024-49969 CVE-2024-49972 CVE-2024-49973 CVE-2024-49974 CVE-2024-49975 CVE-2024-49976 CVE-2024-49981 CVE-2024-49982 CVE-2024-49983 CVE-2024-49985 CVE-2024-49986 CVE-2024-49987 CVE-2024-49989 CVE-2024-49991 CVE-2024-49993 CVE-2024-49995 CVE-2024-49996 CVE-2024-50000 CVE-2024-50001 CVE-2024-50002 CVE-2024-50003 CVE-2024-50004 CVE-2024-50006 CVE-2024-50007 CVE-2024-50008 CVE-2024-50009 CVE-2024-50012 CVE-2024-50013 CVE-2024-50014 CVE-2024-50015 CVE-2024-50017 CVE-2024-50019 CVE-2024-50020 CVE-2024-50021 CVE-2024-50022 CVE-2024-50023 CVE-2024-50024 CVE-2024-50025 CVE-2024-50026 
CVE-2024-50027 CVE-2024-50028 CVE-2024-50031 CVE-2024-50033 CVE-2024-50035 CVE-2024-50040 CVE-2024-50041 CVE-2024-50042 CVE-2024-50044 CVE-2024-50045 CVE-2024-50046 CVE-2024-50047 CVE-2024-50048 CVE-2024-50049 CVE-2024-50055 CVE-2024-50058 CVE-2024-50059 CVE-2024-50060 CVE-2024-50061 CVE-2024-50062 CVE-2024-50063 CVE-2024-50064 CVE-2024-50067 CVE-2024-50069 CVE-2024-50073 CVE-2024-50074 CVE-2024-50075 CVE-2024-50076 CVE-2024-50077 CVE-2024-50078 CVE-2024-50080 CVE-2024-50081 CVE-2024-50082 CVE-2024-50084 CVE-2024-50087 CVE-2024-50088 CVE-2024-50089 CVE-2024-50093 CVE-2024-50095 CVE-2024-50096 CVE-2024-50098 CVE-2024-50099 CVE-2024-50100 CVE-2024-50101 CVE-2024-50102 CVE-2024-50103 CVE-2024-50108 CVE-2024-50110 CVE-2024-50115 CVE-2024-50116 CVE-2024-50117 CVE-2024-50121 CVE-2024-50124 CVE-2024-50125 CVE-2024-50127 CVE-2024-50128 CVE-2024-50130 CVE-2024-50131 CVE-2024-50134 CVE-2024-50135 CVE-2024-50136 CVE-2024-50138 CVE-2024-50139 CVE-2024-50141 CVE-2024-50145 CVE-2024-50146 CVE-2024-50147 CVE-2024-50148 CVE-2024-50150 CVE-2024-50153 CVE-2024-50154 CVE-2024-50155 CVE-2024-50156 CVE-2024-50157 CVE-2024-50158 CVE-2024-50159 CVE-2024-50160 CVE-2024-50166 CVE-2024-50167 CVE-2024-50169 CVE-2024-50171 CVE-2024-50172 CVE-2024-50175 CVE-2024-50176 CVE-2024-50177 CVE-2024-50179 CVE-2024-50180 CVE-2024-50181 CVE-2024-50182 CVE-2024-50183 CVE-2024-50184 CVE-2024-50186 CVE-2024-50187 CVE-2024-50188 CVE-2024-50189 CVE-2024-50192 CVE-2024-50194 CVE-2024-50195 CVE-2024-50196 CVE-2024-50198 CVE-2024-50200 CVE-2024-50201 CVE-2024-50205 CVE-2024-50208 CVE-2024-50209 CVE-2024-50210 CVE-2024-50215 CVE-2024-50216 CVE-2024-50218 CVE-2024-50221 CVE-2024-50224 CVE-2024-50225 CVE-2024-50228 CVE-2024-50229 CVE-2024-50230 CVE-2024-50231 CVE-2024-50232 CVE-2024-50233 CVE-2024-50234 CVE-2024-50235 CVE-2024-50236 CVE-2024-50237 CVE-2024-50240 CVE-2024-50245 CVE-2024-50246 CVE-2024-50248 CVE-2024-50249 CVE-2024-50250 CVE-2024-50252 CVE-2024-50255 CVE-2024-50257 CVE-2024-50261 CVE-2024-50264 
CVE-2024-50265 CVE-2024-50267 CVE-2024-50268 CVE-2024-50269 CVE-2024-50271 CVE-2024-50273 CVE-2024-50274 CVE-2024-50275 CVE-2024-50276 CVE-2024-50279 CVE-2024-50282 CVE-2024-50287 CVE-2024-50289 CVE-2024-50290 CVE-2024-50292 CVE-2024-50295 CVE-2024-50296 CVE-2024-50298 CVE-2024-50301 CVE-2024-50302 CVE-2024-53042 CVE-2024-53043 CVE-2024-53045 CVE-2024-53048 CVE-2024-53051 CVE-2024-53052 CVE-2024-53055 CVE-2024-53056 CVE-2024-53058 CVE-2024-53059 CVE-2024-53060 CVE-2024-53061 CVE-2024-53063 CVE-2024-53066 CVE-2024-53068 CVE-2024-53072 CVE-2024-53074 CVE-2024-53076 CVE-2024-53079 CVE-2024-53081 CVE-2024-53082 CVE-2024-53085 CVE-2024-53088 CVE-2024-53093 CVE-2024-53094 CVE-2024-53095 CVE-2024-53096 CVE-2024-53100 CVE-2024-53101 CVE-2024-53104 CVE-2024-53106 CVE-2024-53108 CVE-2024-53110 CVE-2024-53112 CVE-2024-53114 CVE-2024-53121 CVE-2024-53138 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-1 Released: Fri Jan 31 13:18:46 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
875,CVE-2024-49877,CVE-2024-49878,CVE-2024-49879,CVE-2024-49881,CVE-2024-49882,CVE-2024-49883,CVE-2024-49884,CVE-2024-49886,CVE-2024-49888,CVE-2024-49890,CVE-2024-49891,CVE-2024-49892,CVE-2024-49894,CVE-2024-49895,CVE-2024-49896,CVE-2024-49897,CVE-2024-49898,CVE-2024-49899,CVE-2024-49900,CVE-2024-49901,CVE-2024-49902,CVE-2024-49903,CVE-2024-49905,CVE-2024-49906,CVE-2024-49907,CVE-2024-49908,CVE-2024-49909,CVE-2024-49911,CVE-2024-49912,CVE-2024-49913,CVE-2024-49914,CVE-2024-49917,CVE-2024-49918,CVE-2024-49919,CVE-2024-49920,CVE-2024-49921,CVE-2024-49922,CVE-2024-49923,CVE-2024-49925,CVE-2024-49928,CVE-2024-49929,CVE-2024-49930,CVE-2024-49931,CVE-2024-49933,CVE-2024-49934,CVE-2024-49935,CVE-2024-49936,CVE-2024-49937,CVE-2024-49938,CVE-2024-49939,CVE-2024-49944,CVE-2024-49945,CVE-2024-49946,CVE-2024-49947,CVE-2024-49949,CVE-2024-49950,CVE-2024-49952,CVE-2024-49953,CVE-2024-49954,CVE-2024-49955,CVE-2024-49957,CVE-2024-49958,CVE-2024-49959,CVE-2024-49960,CVE-2024-49961,CVE-2024-49962,CVE -2024-49963,CVE-2024-49965,CVE-2024-49966,CVE-2024-49967,CVE-2024-49968,CVE-2024-49969,CVE-2024-49972,CVE-2024-49973,CVE-2024-49974,CVE-2024-49975,CVE-2024-49976,CVE-2024-49981,CVE-2024-49982,CVE-2024-49983,CVE-2024-49985,CVE-2024-49986,CVE-2024-49987,CVE-2024-49989,CVE-2024-49991,CVE-2024-49993,CVE-2024-49995,CVE-2024-49996,CVE-2024-50000,CVE-2024-50001,CVE-2024-50002,CVE-2024-50003,CVE-2024-50004,CVE-2024-50006,CVE-2024-50007,CVE-2024-50008,CVE-2024-50009,CVE-2024-50012,CVE-2024-50013,CVE-2024-50014,CVE-2024-50015,CVE-2024-50017,CVE-2024-50019,CVE-2024-50020,CVE-2024-50021,CVE-2024-50022,CVE-2024-50023,CVE-2024-50024,CVE-2024-50025,CVE-2024-50026,CVE-2024-50027,CVE-2024-50028,CVE-2024-50031,CVE-2024-50033,CVE-2024-50035,CVE-2024-50040,CVE-2024-50041,CVE-2024-50042,CVE-2024-50044,CVE-2024-50045,CVE-2024-50046,CVE-2024-50047,CVE-2024-50048,CVE-2024-50049,CVE-2024-50055,CVE-2024-50058,CVE-2024-50059,CVE-2024-50060,CVE-2024-50061,CVE-2024-50062,CVE-2024-50063,CVE-2024-50064,CVE-2024-5 
0067,CVE-2024-50069,CVE-2024-50073,CVE-2024-50074,CVE-2024-50075,CVE-2024-50076,CVE-2024-50077,CVE-2024-50078,CVE-2024-50080,CVE-2024-50081,CVE-2024-50082,CVE-2024-50084,CVE-2024-50087,CVE-2024-50088,CVE-2024-50089,CVE-2024-50093,CVE-2024-50095,CVE-2024-50096,CVE-2024-50098,CVE-2024-50099,CVE-2024-50100,CVE-2024-50101,CVE-2024-50102,CVE-2024-50103,CVE-2024-50108,CVE-2024-50110,CVE-2024-50115,CVE-2024-50116,CVE-2024-50117,CVE-2024-50121,CVE-2024-50124,CVE-2024-50125,CVE-2024-50127,CVE-2024-50128,CVE-2024-50130,CVE-2024-50131,CVE-2024-50134,CVE-2024-50135,CVE-2024-50136,CVE-2024-50138,CVE-2024-50139,CVE-2024-50141,CVE-2024-50145,CVE-2024-50146,CVE-2024-50147,CVE-2024-50148,CVE-2024-50150,CVE-2024-50153,CVE-2024-50154,CVE-2024-50155,CVE-2024-50156,CVE-2024-50157,CVE-2024-50158,CVE-2024-50159,CVE-2024-50160,CVE-2024-50166,CVE-2024-50167,CVE-2024-50169,CVE-2024-50171,CVE-2024-50172,CVE-2024-50175,CVE-2024-50176,CVE-2024-50177,CVE-2024-50179,CVE-2024-50180,CVE-2024-50181,CVE-2024-50182,CV E-2024-50183,CVE-2024-50184,CVE-2024-50186,CVE-2024-50187,CVE-2024-50188,CVE-2024-50189,CVE-2024-50192,CVE-2024-50194,CVE-2024-50195,CVE-2024-50196,CVE-2024-50198,CVE-2024-50200,CVE-2024-50201,CVE-2024-50205,CVE-2024-50208,CVE-2024-50209,CVE-2024-50210,CVE-2024-50215,CVE-2024-50216,CVE-2024-50218,CVE-2024-50221,CVE-2024-50224,CVE-2024-50225,CVE-2024-50228,CVE-2024-50229,CVE-2024-50230,CVE-2024-50231,CVE-2024-50232,CVE-2024-50233,CVE-2024-50234,CVE-2024-50235,CVE-2024-50236,CVE-2024-50237,CVE-2024-50240,CVE-2024-50245,CVE-2024-50246,CVE-2024-50248,CVE-2024-50249,CVE-2024-50250,CVE-2024-50252,CVE-2024-50255,CVE-2024-50257,CVE-2024-50261,CVE-2024-50264,CVE-2024-50265,CVE-2024-50267,CVE-2024-50268,CVE-2024-50269,CVE-2024-50271,CVE-2024-50273,CVE-2024-50274,CVE-2024-50275,CVE-2024-50276,CVE-2024-50279,CVE-2024-50282,CVE-2024-50287,CVE-2024-50289,CVE-2024-50290,CVE-2024-50292,CVE-2024-50295,CVE-2024-50296,CVE-2024-50298,CVE-2024-50301,CVE-2024-50302,CVE-2024-53042,CVE-2024-53043,CVE-2024- 
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).
- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).
- CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).
- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode() and iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).
- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).
- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).
- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).
- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).
- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367).
- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224).
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).
- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).
- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).
- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).
- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).
- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).
- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).
- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
- CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).

The following non-security bugs were fixed:

- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).
- ACPI: battery: Simplify battery hook locking (stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).
- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).
- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: Reorganize kerneldoc parameter names (stable-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).
- ALSA: hda/conexant: fix some typos (stable-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).
- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).
- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).
- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).
- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).
- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).
- ALSA: hda: Show the codec quirk info at probing (stable-fixes).
- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).
- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: line6: update contact information (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).
- ALSA: silence integer wrapping warning (stable-fixes).
- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).
- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).
- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).
- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).
- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).
- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).
- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).
- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).
- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).
- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).
- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).
- ASoC: SOF: Wire up buffer flags (bsc#1233305).
- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).
- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).
- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).
- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).
- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).
- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).
- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).
- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).
- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).
- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).
- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).
- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).
- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).
- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).
- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305).
- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).
- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).
- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).
- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).
- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).
- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).
- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).
- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).
- ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes).
- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- Documentation: kgdb: Correct parameter error (git-fixes).
- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- HID: multitouch: Add support for B2402FVA track point (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- HID: wacom: fix when get product name maybe null pointer (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).
- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).
- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).
- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).
- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).
- Input: xpad - add support for MSI Claw A1M (git-fixes).
- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).
- Input: xpad - fix support for some third-party controllers (git-fixes).
- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).
- Input: xpad - spelling fixes for 'Xbox' (git-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199).
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).
- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).
- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).
- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).
- KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).
- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).
- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).
- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).
- KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes).
- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).
- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).
- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).
- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFS: remove revoked delegation from server's delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache 'down' if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- PCI: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).
- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).
- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).
- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).
- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).
- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)
- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)
- RDMA/bnxt_re: Fix out of bound check (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Add mutex_destroy() (git-fixes)
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- RDMA/hns: Use macro instead of magic number (git-fixes)
- RDMA/irdma: Fix misspelling of 'accept*' (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: Remove BUG_ON call sites (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (git-fixes).
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- USB: gadget: dummy-hcd: Fix 'task hung' problem (git-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).
- USB: misc: yurex: fix race between read and write (git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- accel/qaic: Fix the for loop used to walk SG table (git-fixes).
- accel: Use XArray instead of IDR for minors (jsc#PED-11580).
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- apparmor: fix 'Do simple duplicate message elimination' (git-fixes).
- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).
- apparmor: use kvfree_sensitive to free data->data (git-fixes).
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)
- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)
- arm64: dts: imx93: add nvmem property for eqos (git-fixes)
- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)
- arm64: dts: imx93: add ocotp node (git-fixes)
- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)
- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)
- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)
- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes)
- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)
- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)
- arm64: dts: rockchip: remove num-slots property from (git-fixes)
- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)
- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).
- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).
- audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes).
- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).
- block: print symbolic error name instead of error code (bsc#1231872).
- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).
- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).
- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)
- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix error message on kfunc arg type mismatch (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).
- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)
- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).
- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).
- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231384).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).
- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).
- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).
- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).
- clk: imx: fracn-gppll: fix pll power up (git-fixes).
- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).
- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).
- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- config s390x: build ultravisor userspace access into the kernel (bsc#1232090)
- config.sh: Remove Arm build project, we do not build armv7 configs
- config: Disable LAM on x86 (bsc#1217845)
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).
- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).
- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: octeontx - Fix authenc setkey (stable-fixes).
- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).
- crypto: octeontx2 - Fix authenc setkey (stable-fixes).
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).
- crypto: qat - remove check after debugfs_create_dir() (git-fixes).
- crypto: qat - remove faulty arbiter config reset (git-fixes).
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).
- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- devlink: Fix command annotation documentation (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dma-fence: Use kernel's sort for merging fences (git-fixes).
- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).
- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).
- doc: rcu: update printed dynticks counter bits (git-fixes).
- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).
- drm/amd/display: Add disable timeout option (bsc#1231435)
- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).
- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes).
- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).
- drm/amd/display: Revert 'Check HDCP returned status' (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).
- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).
- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).
- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).
- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).
- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).
- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).
- drm/i915/hdcp: fix connector refcounting (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).
- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).
- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).
- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm: Fix some typos in comment (git-fixes).
- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).
- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).
- drm: Use XArray instead of IDR for minors (jsc#PED-11580).
- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).
- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).
- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).
- e1000e: change I219 (19) devices to ADP (git-fixes).
- e1000e: fix force smbus during suspend flow (git-fixes).
- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).
- efi/libstub: Free correct pointer on failure (git-fixes).
- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).
- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).
- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).
- ext4: fix possible tid_t sequence overflows (bsc#1231634).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).
- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).
- fat: fix uninitialized variable (git-fixes).
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224088).
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).
- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).
- gpio: zevio: Add missed label initialisation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (max16065) Fix alarm attributes (git-fixes).
- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).
- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).
- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).
- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).
- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).
- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).
- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).
- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).
- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: i801: add helper i801_restore_regs (git-fixes).
- i2c: ismt: kill transaction in hardware on timeout (git-fixes).
- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).
- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).
- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).
- i2c: omap: wakeup the controller during suspend() callback (git-fixes).
- i2c: rcar: properly format a debug output (git-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).
- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).
- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: fix race condition by adding filter's intermediate sync state (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).
- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix package download algorithm (git-fixes).
- ice: Fix recipe read procedure (git-fixes).
- ice: Fix reset handler (git-fixes).
- ice: Flush FDB entries before reset (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).
- ice: Reject pin requests with unsupported flags (git-fixes).
- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).
- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).
- ice: clear port vlan config during reset (git-fixes).
- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).
- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).
- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).
- ice: fix 200G PHY types to link speed mapping (git-fixes).
- ice: fix 200G link speed message log (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix VSI lists confusion when adding VLANs (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).
- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).
- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).
- ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes).
- ice: implement AQ download pkg retry (git-fixes).
- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).
- ice: remove af_xdp_zc_qps bitmap (git-fixes).
- ice: replace synchronize_rcu with synchronize_net (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: set correct dst VSI in only LAN filters (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: tc: check src_vsi in case of traffic from VF (git-fixes).
- ice: use proper macro for testing bit (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- ieee802154: Fix build error (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Disable threaded IRQ for igb_msix_other (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).
- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).
- igc: Fix qbv_config_change_errors logics (git-fixes).
- igc: Fix reset adapter logics when tx mode change (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).
- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).
- iio: accel: kx022a: Fix raw read format (git-fixes).
- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).
- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).
- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts: Fix uninitialized symbol 'ret' (git-fixes).
- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes).
- iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes).
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- intel_idle: add Granite Rapids Xeon support (bsc#1231630).
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).
- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).
- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).
- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).
- io_uring/net: harden multishot termination case for recv (git-fixes).
- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).
- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).
- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).
- io_uring/sqpoll: do not put cpumask on stack (git-fixes).
- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).
- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).
- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).
- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).
- iommu/amd: Fix typo of , instead of ; (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).
- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).
- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).
- jbd2: avoid infinite transaction commit loop (bsc#1234039).
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).
- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).
- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).
- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).
- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).
- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jump_label: Fix static_key_slow_dec() yet again (git-fixes).
- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- kABI workaround for ASoC SOF (bsc#1233305).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).
- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).
- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).
- kasan: move checks to do_strncpy_from_user (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kconfig: qconf: fix buffer overflow in debug links (git-fixes).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).
- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).
- keys: Fix overwrite of key expiration on instantiation (git-fixes).
- kthread: unpark only parked kthread (git-fixes).
- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).
- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).
- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- macsec: do not increment counters for an unrelated SA (git-fixes).
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).
- maple_tree: correct tree corruption on spanning store (git-fixes).
- maple_tree: fix alloc node fail issue (git-fixes).
- maple_tree: refine mas_store_root() on storing NULL (git-fixes).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: amphion: Set video drvdata before register video device (git-fixes).
- media: ar0521: do not overflow when checking PLL values (git-fixes).
- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).
- media: bttv: use audio defaults for winfast2000 (git-fixes).
- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).
- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: i2c: imx335: Enable regulator supplies (stable-fixes).
- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).
- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).
- media: imx-jpeg: Set video drvdata before register video device (git-fixes).
- media: imx335: Fix reset-gpio handling (git-fixes).
- media: mantis: remove orphan mantis_core.h (git-fixes).
- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).
- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).
- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: s5p-jpeg: prevent buffer overflows (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).
- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).
- media: uvcvideo: Stop stream during unregister (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: vb2: Fix comment (git-fixes).
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes).
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).
- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).
- minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mlx5: avoid truncating error message (git-fixes).
- mlx5: stop warning for 64KB pages (git-fixes).
- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).
- mm/filemap: optimize filemap folio adding (bsc#1231617).
- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).
- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).
- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).
- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).
- mm: refactor map_deny_write_exec() (git-fixes).
- mm: resolve faulty mmap_region() error path behaviour (git-fixes).
- mm: unconditionally close VMAs on error (git-fixes).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- mmc: mmc_spi: drop buggy snprintf() (git-fixes).
- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).
- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).
- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Check capability for fw_reset (git-fixes).
- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix command bitmask initialization (git-fixes).
- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: mdio-ipq4019: add missing error check (git-fixes).
- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).
- net: phy: bcm84881: Fix some error handling paths (git-fixes).
- net: phy: dp83822: Fix reset pin definitions (git-fixes).
- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes).
- net: qede: use return from qede_parse_actions() (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)
- net: sysfs: Fix /sys/class/net/<iface> path for statistics (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).
- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).
- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).
- netdevsim: copy addresses for both in and out paths (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).
- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).
- nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes).
- nouveau: fw: sync dma after setup is called (git-fixes).
- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).
- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: set doorbell config before unquiescing (git-fixes).
- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).
- nvme: null terminate nvme_tls_attrs (git-fixes).
- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).
- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- ocfs2: uncache inode which has failed entering the group (git-fixes).
- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)
- parport: Proper fix for array out-of-bounds access (git-fixes).
- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).
- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).
- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).
- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).
- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).
- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).
- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).
- pinctrl: zynqmp: drop excess struct member description (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).
- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).
- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).
- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).
- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).
- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).
- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- printk: Add notation to console_srcu locking (bsc#1232183).
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
  They depend on SHADOW_CALL_STACK.
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list
  Symbols.list is no longer needed by the new klp-convert implementation. (bsc#1218644)
- rpmsg: glink: Handle rejected intent request better (git-fixes).
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: bbnsm: add remove hook (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- runtime constants: add default dummy infrastructure (git-fixes).
- runtime constants: add x86 architecture support (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).
- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).
- scsi: Remove scsi device no_start_on_resume flag (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).
- scsi: core: Disable CDL by default (git-fixes).
- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).
- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpi3mr: Validate SAS port assignments (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).
- scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).
- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).
- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).
- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).
- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).
- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).
- srcu: Fix callbacks acceleration mishandling (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- sumversion: Fix a memory leak in get_src_version() (git-fixes).
- supported.conf: mark nhpoly1305 module as supported (bsc#1231035)
- supported.conf: mark ultravisor userspace access as supported (bsc#1232090)
- task_work: add kerneldoc annotation for 'data' argument (git-fixes).
- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).
- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).
- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).
- tools/power turbostat: Fix trailing '\n' parsing (git-fixes).
- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).
- tools: hv: rm .*.cmd when make clean (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tpm: fix signed/unsigned bug when checking event logs (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).
- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).
- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).
- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).
- tracing/timerlat: Add user-space interface (git-fixes).
- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).
- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).
- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).
- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes).
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- unicode: Do not special case ignorable code points (stable-fixes).
- unicode: Fix utf8_load() error path (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).
- uprobes: turn xol_area->pages into xol_area->page (bsc#1231114).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).
- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).
- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).
- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).
- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).
- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).
- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).
- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).
- vduse: avoid using __GFP_NOFAIL (git-fixes).
- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).
- vmxnet3: Add XDP support (bsc#1226498).
- vmxnet3: Fix missing reserved tailroom (bsc#1226498).
- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock: Update msg_count on read_skb() (git-fixes).
- vt: prevent kernel-infoleak in con_font_get() (git-fixes).
- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).
- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: fix crash when unbinding (git-fixes).
- wifi: ath12k: fix warning when unbinding (git-fixes).
- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: brcmfmac: release 'root' node in all execution paths (git-fixes).
- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).
- wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes).
- wifi: cw1200: Fix potential NULL dereference (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlegacy: Fix 'field-spanning write' warning in il_enqueue_hcmd() (git-fixes).
- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).
- wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes).
- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).
- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).
- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).
- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).
- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).
- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: fix RCU list iterations (stable-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).
- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).
- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).
- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).
- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).
- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).
- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).
- x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes).
- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).
- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).
- x86/apic: Make x2apic_disable() work correctly (git-fixes).
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).
- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).
- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).
- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Enable CPU topology enumeration (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/traps: move kmsan check after instrumentation_begin (git-fixes).
- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).
- x86: do the user address masking outside the user access area (git-fixes).
- x86: fix off-by-one in access_ok() (git-fixes).
- x86: fix user address masking non-canonical speculation issue (git-fixes).
- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).
- x86: support user address masking instead of non-speculative conditional (git-fixes).
- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).
- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).
- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).
- xfs: check shortform attr entry flags specifically (git-fixes).
- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).
- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).
- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).
- xfs: make sure sb_fdblocks is non-negative (git-fixes).
- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).
- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).
- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).
- xfs: validate recovered name buffers when recovering xattr items (git-fixes).
- xhci: Add a quirk for writing ERST in high-low order (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
- xhci: tegra: fix checked USB2 port number (git-fixes).
- zonefs: Improve error handling (git-fixes).
The following package changes have been done: - kernel-default-base-6.4.0-24.1.21.4 updated From sle-container-updates at lists.suse.com Mon Feb 17 08:09:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 09:09:56 +0100 (CET) Subject: SUSE-CU-2025:959-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20250217080956.C6345FD2B@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:959-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.3 , suse/manager/5.0/x86_64/server:5.0.3.7.16.1 , suse/manager/5.0/x86_64/server:latest Container Release : 7.16.1 Severity : important Type : security References : 1027642 1047218 1082756 1189451 1193911 1212161 1212985 1213437 1215815 1216091 1216683 1216946 1217338 1219736 1220338 1220494 1220902 1221219 1222447 1222574 1222820 1224318 1226958 1227374 1227644 1227759 1227827 1227852 1227882 1228182 1228182 1228182 1228232 1228261 1228319 1228351 1228690 1228690 1228856 1228956 1229000 1229077 1229079 1229106 1229228 1229286 1229848 1229902 1230502 1230585 1230670 1230741 1230833 1230943 1231053 1231255 1231377 1231378 1231398 1231404 1231430 1231459 1231472 1231762 1232042 1232125 1232227 1232458 1232530 1232713 1233258 1233297 1233383 1233400 1233426 1233431 1233433 1233435 1233450 1233497 1233520 1233595 1233667 1233667 1233696 1233724 1233752 1233760 1233761 1233793 1233871 1233884 1233954 1234015 1234100 1234101 1234102 1234103 1234104 1234214 1234245 1234251 1234313 1234333 1234368 1234384 1234384 1234420 1234420 1234441 1234663 1234664 1234665 1234752 1234765 1234809 1234994 1235145 1235151 1235475 1235636 1235692 1235873 1235895 1235908 1236136 1236267 1236278 1236278 1236460 1236588 1236590 1236596 1236597 1236619 1236705 1236787 1236809 1236878 1236960 CVE-2021-41495 CVE-2022-49043 CVE-2024-11187 
CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12133 CVE-2024-12705 CVE-2024-12747 CVE-2024-13176 CVE-2024-21528 CVE-2024-45801 CVE-2024-47535 CVE-2024-50379 CVE-2024-52317 CVE-2024-54677 CVE-2024-56326 CVE-2024-56337 CVE-2025-0167 CVE-2025-0725 CVE-2025-0938 CVE-2025-21502 CVE-2025-21502 CVE-2025-24528
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4407-1
Released: Mon Dec 23 09:49:24 2024
Summary: Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative
Type: security
Severity: moderate
References: 1047218,1233297,CVE-2024-47535

This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues:

- CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a Java application, which can lead to a crash due to the JVM memory limit being exceeded in netty (bsc#1233297)

Other fixes:

- Upgraded netty to upstream version 4.1.115
- Upgraded netty-tcnative to version 2.0.69 Final
- Updated jctools to version 4.0.5
- Updated aalto-xml to version 1.3.3
- Updated moditect to version 1.2.2
- Updated flatten-maven-plugin to version 1.6.0

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4415-1
Released: Mon Dec 23 20:45:48 2024
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1233520

This update for binutils fixes the following issues:

Update to current 2.43.1 branch [PED-10254, PED-10306]:

  * s390 - Add arch15 instructions
  * various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:7-1
Released: Thu Jan 2 15:33:50 2025
Summary: Recommended update for sssd
Type: recommended
Severity: important
References: 1234384,1234420

This update for sssd fixes the following issues:

- Fix file descriptor leak related to getpwnam()/getpwuid() to /var/lib/sss/pipes/nss socket; (bsc#1234384)
- Revert the change dropping /etc/sssd/conf.d dir (bsc#1234420)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:14-1
Released: Mon Jan 6 07:28:59 2025
Summary: Recommended update for python3-Flask
Type: recommended
Severity: important
References: 1233954

This update for python3-Flask fixes the following issues:

- Use alternatives for /usr/bin/flask to avoid conflict with python311-Flask package (bsc#1233954)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:29-1
Released: Tue Jan 7 11:41:20 2025
Summary: Security update for python-Jinja2
Type: security
Severity: important
References: 1234809,CVE-2024-56326

This update for python-Jinja2 fixes the following issues:

- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:79-1
Released: Mon Jan 13 12:50:24 2025
Summary: Recommended update for libnl3, ovpn-dco, openVPN
Type: recommended
Severity: moderate
References: 1082756,1189451

This update for libnl3, ovpn-dco, openVPN fixes the following issue:

- Update libnl to release 3.9
- Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:156-1
Released: Fri Jan 17 12:59:07 2025
Summary: Security update for rsync
Type: security
Severity: important
References: 1234100,1234101,1234102,1234103,1234104,1235475,1235895,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747

This update for rsync fixes the following issues:

- CVE-2024-12084: heap buffer overflow in checksum parsing. (bsc#1234100)
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: race condition in rsync handling symbolic links (bsc#1235475)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:222-1
Released: Wed Jan 22 12:30:04 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:225-1
Released: Wed Jan 22 15:31:54 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1234214,1234245,1234333

This update for vim fixes the following issues:

- Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245).

  Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly. However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' that is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases. Fixing this by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:316-1
Released: Fri Jan 31 19:19:10 2025
Summary: Recommended update for sssd
Type: recommended
Severity: important
References: 1234368,1234384,1234420

This update for sssd fixes the following issues:

- Allow multiple services per port (bsc#1234368).
- Fix nss socket leaks (bsc#1234384).
- Fix missing /etc/sssd/conf.d sub directory (bsc#1234420).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:330-1
Released: Mon Feb 3 11:50:09 2025
Summary: Recommended update for apache2
Type: recommended
Severity: moderate
References: 1233433

This update for apache2 fixes the following issue:

- update-alternatives script not called during httpd update, never triggered from 'zypper dup' (bsc#1233433).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:338-1
Released: Mon Feb 3 16:12:41 2025
Summary: Security update for java-11-openjdk
Type: security
Severity: moderate
References: 1236278,CVE-2025-21502

This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU)

Security fixes:

- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

- JDK-8224624: Inefficiencies in CodeStrings::add_comment cause timeouts
- JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java fails on linux-x64
- JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
- JDK-8247706: Unintentional use of new Date(year...) with absolute year
- JDK-8299254: Support dealing with standard assert macro
- JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test
- JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
- JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak
- JDK-8328300: Convert PrintDialogsTest.java from Applet to main program
- JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main
- JDK-8334332: TestIOException.java fails if run by root
- JDK-8335428: Enhanced Building of Processes
- JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
- JDK-8340815: Add SECURITY.md file
- JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails
- JDK-8342629: [11u] Properly message out that shenandoah is disabled
- JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:339-1
Released: Mon Feb 3 16:14:14 2025
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1236278,CVE-2025-21502

This update for java-17-openjdk fixes the following issues:

Update to upstream
tag jdk-17.0.14+7 (January 2025 CPU):

Security fixes:

- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

- JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font color
- JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect
- JDK-8071693: Introspector ignores default interface methods
- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8202926: Test java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html fails
- JDK-8207908: JMXStatusTest.java fails assertion intermittently
- JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly.
- JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening'
- JDK-8254759: [TEST_BUG] [macosx] javax/swing/JInternalFrame/4202966/IntFrameCoord.html fails
- JDK-8258734: jdk/jfr/event/oldobject/TestClassLoaderLeak.java failed with 'RuntimeException: Could not find class leak'
- JDK-8268364: jmethod clearing should be done during unloading
- JDK-8269770: nsk tests should start IOPipe channel before launch debuggee - Debugee.prepareDebugee
- JDK-8271003: hs_err improvement: handle CLASSPATH env setting longer than O_BUFLEN
- JDK-8271456: Avoid looking up standard charsets in 'java.desktop' module
- JDK-8271821: mark hotspot runtime/MinimalVM tests which ignore external VM flags
- JDK-8271825: mark hotspot runtime/LoadClass tests which ignore external VM flags
- JDK-8271836: runtime/ErrorHandling/ClassPathEnvVar.java fails with release VMs
- JDK-8272746: ZipFile can't open big file (NegativeArraySizeException)
- JDK-8273914: Indy string concat changes order of operations
- JDK-8274170: Add hooks for custom makefiles to augment jtreg test execution
- JDK-8274505: Too weak variable type leads to unnecessary cast in java.desktop
- JDK-8276763: java/nio/channels/SocketChannel/AdaptorStreams.java fails with 'SocketTimeoutException: Read timed out'
- JDK-8278527: java/util/concurrent/tck/JSR166TestCase.java fails nanoTime test
- JDK-8280131: jcmd reports 'Module jdk.jfr not found.' when 'jdk.management.jfr' is missing
- JDK-8281379: Assign package declarations to all jtreg test cases under gc
- JDK-8282578: AIOOBE in javax.sound.sampled.Clip
- JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox
- JDK-8283222: improve diagnosability of runtime/8176717/TestInheritFD.java timeouts
- JDK-8284291: sun/security/krb5/auto/Renew.java fails intermittently on Windows 11
- JDK-8284874: Add comment to ProcessHandle/OnExitTest to describe zombie problem
- JDK-8286160: (fs) Files.exists returns unexpected results with C:\pagefile.sys because it's not readable
- JDK-8287003: InputStreamReader::read() can return zero despite writing a char in the buffer
- JDK-8288976: classfile parser 'wrong name' error message has the names the wrong way around
- JDK-8289184: runtime/ClassUnload/DictionaryDependsTest.java failed with 'Test failed: should be unloaded'
- JDK-8290023: Remove use of IgnoreUnrecognizedVMOptions in gc tests
- JDK-8290269: gc/shenandoah/TestVerifyJCStress.java fails due to invalid tag: required after JDK-8290023
- JDK-8292309: Fix 'java/awt/PrintJob/ConstrainedPrintingTest/ConstrainedPrintingTest.java' test
- JDK-8293061: Combine CDSOptions and AppCDSOptions test utility classes
- JDK-8293877: Rewrite MineField test
- JDK-8294193: Files.createDirectories throws FileAlreadyExistsException for a symbolic link whose target is an existing directory
- JDK-8294726: Update URLs in minefield tests
- JDK-8295239: Refactor java/util/Formatter/Basic script into a Java native test launcher
- JDK-8295344: Harden runtime/StackGuardPages/TestStackGuardPages.java
- JDK-8295859: Update Manual Test Groups
- JDK-8296709: WARNING: JNI call made without checking exceptions
- JDK-8296718: Refactor bootstrap Test Common Functionalities to test/lib/Utils
- JDK-8296787: Unify debug printing format of X.509 cert serial numbers
- JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected.
- JDK-8298513: vmTestbase/nsk/jdi/EventSet/suspendPolicy/suspendpolicy009/TestDescription.java fails with usage tracker
- JDK-8300416: java.security.MessageDigestSpi clone can result in thread-unsafe clones
- JDK-8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated
- JDK-8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP
- JDK-8303697: ProcessTools doesn't print last line of process output
- JDK-8303705: Field sleeper.started should be volatile JdbLockTestTarg.java
- JDK-8303742: CompletableFuture.orTimeout leaks if the future completes exceptionally
- JDK-8304020: Speed up test/jdk/java/util/zip/ZipFile/TestTooManyEntries.java and clarify its purpose
- JDK-8304557: java/util/concurrent/CompletableFuture/CompletableFutureOrTimeoutExceptionallyTest.java times out
- JDK-8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
- JDK-8307297: Move some DnD tests to open
- JDK-8307408: Some jdk/sun/tools/jhsdb tests don't pass test JVM args to the debuggee JVM
- JDK-8309109: AArch64: [TESTBUG] compiler/intrinsics/sha/cli/TestUseSHA3IntrinsicsOptionOnSupportedCPU.java fails on Neoverse N2 and V1
- JDK-8309303: jdk/internal/misc/VM/RuntimeArguments test ignores jdk/internal/vm/options
- JDK-8309532: java/lang/Class/getDeclaredField/FieldSetAccessibleTest should filter modules that depend on JVMCI
- JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled ComboBox does not match in these LAFs: GTK-
- JDK-8310731: Configure a javax.net.ssl.SNIMatcher for the HTTP/1.1 test servers in java/net/httpclient tests
- JDK-8312111: open/test/jdk/java/awt/Robot/ModifierRobotKey/ModifierRobotKeyTest.java fails on ubuntu 23.04
- JDK-8313374: --enable-ccache's CCACHE_BASEDIR
  breaks builds
- JDK-8313638: Add test for dump of resolved references
- JDK-8313854: Some tests in serviceability area fail on localized Windows platform
- JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le
- JDK-8314333: Update com/sun/jdi/ProcessAttachTest.java to use ProcessTools.createTestJvm(..)
- JDK-8314824: Fix serviceability/jvmti/8036666/GetObjectLockCount.java to use vm flags
- JDK-8314829: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java ignores vm flags
- JDK-8314831: NMT tests ignore vm flags
- JDK-8315097: Rename createJavaProcessBuilder
- JDK-8315406: [REDO] serviceability/jdwp/AllModulesCommandTest.java ignores VM flags
- JDK-8315988: Parallel: Make TestAggressiveHeap use createTestJvm
- JDK-8316410: GC: Make TestCompressedClassFlags use createTestJvm
- JDK-8316446: 4 sun/management/jdp tests ignore VM flags
- JDK-8316447: 8 sun/management/jmxremote tests ignore VM flags
- JDK-8316464: 3 sun/tools tests ignore VM flags
- JDK-8316562: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java times out after JDK-8314829
- JDK-8316581: Improve performance of Symbol::print_value_on()
- JDK-8317042: G1: Make TestG1ConcMarkStepDurationMillis use createTestJvm
- JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame
- JDK-8317188: G1: Make TestG1ConcRefinementThreads use createTestJvm
- JDK-8317218: G1: Make TestG1HeapRegionSize use createTestJvm
- JDK-8317347: Parallel: Make TestInitialTenuringThreshold use createTestJvm
- JDK-8317738: CodeCacheFullCountTest failed with 'VirtualMachineError: Out of space in CodeCache for method handle intrinsic'
- JDK-8318964: Fix build failures caused by 8315097
- JDK-8319574: Exec/process tests should be marked as flagless
- JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException
- JDK-8319651: Several network tests ignore vm flags when start java process
- JDK-8319817: Charset constructor should make defensive copy of aliases
- JDK-8320586: update manual test/jdk/TEST.groups
- JDK-8320665: update jdk_core at open/test/jdk/TEST.groups
- JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions
- JDK-8320675: PrinterJob/SecurityDialogTest.java hangs
- JDK-8321163: [test] OutputAnalyzer.getExitValue() unnecessarily logs even when process has already completed
- JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading
- JDK-8321470: ThreadLocal.nextHashCode can be static final
- JDK-8321543: Update NSS to version 3.96
- JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile
- JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException
- JDK-8322766: Micro bench SSLHandshake should use default algorithms
- JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order
- JDK-8322830: Add test case for ZipFile opening a ZIP with no entries
- JDK-8323562: SaslInputStream.read() may return wrong value
- JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop()
- JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions close set 3
- JDK-8324841: PKCS11 tests still skip execution
- JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages
- JDK-8325525: Create jtreg test case for JDK-8325203
- JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM
- JDK-8325610: CTW: Add StressIncrementalInlining to stress options
- JDK-8325616: JFR ZGC Allocation Stall events should record stack traces
- JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java
- JDK-8325851: Hide PassFailJFrame.Builder constructor
- JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut
- JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened.
  Test was useless.
- JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests
- JDK-8326898: NSK tests should listen on loopback addresses only
- JDK-8326948: Force English locale for timeout formatting
- JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug
- JDK-8327474: Review use of java.io.tmpdir in jdk tests
- JDK-8327924: Simplify TrayIconScalingTest.java
- JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program
- JDK-8328242: Add a log area to the PassFailJFrame
- JDK-8328303: 3 JDI tests timed out with UT enabled
- JDK-8328379: Convert URLDragTest.html applet test to main
- JDK-8328402: Implement pausing functionality for the PassFailJFrame
- JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use
- JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization
- JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket
- JDK-8328957: Update PKCS11Test.java to not use hardcoded path
- JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address
- JDK-8330464: hserr generic events - add entry for the before_exit calls
- JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess
- JDK-8330814: Cleanups for KeepAliveCache tests
- JDK-8331142: Add test for number of loader threads in BasicDirectoryModel
- JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options
- JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS
- JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock
- JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows only
- JDK-8331626: unsafe.cpp:162:38: runtime error in index_oop_from_field_offset_long - applying non-zero offset 4563897424 to null pointer
- JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value 208, which is not a valid value for type 'bool'
- JDK-8331863: DUIterator_Fast used before it is constructed
- JDK-8331864: Update Public Suffix List to 1cbd6e7
- JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on Windows in CI
- JDK-8332340: Add JavacBench as a test case for CDS
- JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null
- JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on null pointer of type 'struct Array'
- JDK-8332724: x86 MacroAssembler may over-align code
- JDK-8332777: Update JCStress test suite
- JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled
- JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS
- JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value 171, which is not a valid value for type 'bool'
- JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error: signed integer overflow: 9223372036854775807 - 1 cannot be represented in type 'long int'
- JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched JNINativeInterface tables, check for new entries
- JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature
- JDK-8333824: Unused ClassValue in VarHandles
- JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts
- JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect
- JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test
- JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling
- JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp
- JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder
- JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile
- JDK-8335428: Enhanced Building of Processes
- JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ...
- JDK-8335493: check_gc_overhead_limit should reset SoftRefPolicy::_should_clear_all_soft_refs
- JDK-8335530: Java file extension missing in AuthenticatorTest
- JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop
- JDK-8335904: Fix invalid comment in ShenandoahLock
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException
- JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name
- JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive
- JDK-8336342: Fix known X11 library locations in sysroot
- JDK-8336343: Add more known sysroot library locations for ALSA
- JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout
- JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result
- JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland
- JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags
- JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS
- JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows
- JDK-8337851: Some tests have name which confuse jtreg
- JDK-8337966: (fs) Files.readAttributes fails with
  Operation not permitted on older docker releases
- JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion
- JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058
- JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList
- JDK-8338286: GHA: Demote x86_32 to hotspot build only
- JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813
- JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2
- JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java
- JDK-8339081: Bump update version for OpenJDK: jdk-17.0.14
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code
- JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of stream occurs
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message
- JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap
- JDK-8339560: Unaddressed comments during code review of JDK-8337664
- JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings
- JDK-8339741: RISC-V: C ABI breakage for integer on stack
- JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8339892: Several security shell tests don't set TESTJAVAOPTS
- JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java
- JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java
- JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout
- JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder
- JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity
- JDK-8340306: Add border around instructions in PassFailJFrame
- JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions
- JDK-8340365: Position the first window of a window list
- JDK-8340387: Update OS detection code to recognize Windows Server 2025
- JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely
- JDK-8340461: Amend description for logArea
- JDK-8340466: Add description for PassFailJFrame constructors
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos
- JDK-8340657: [PPC64] SA determines wrong unextendedSP
- JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage
- JDK-8340785: Update description of PassFailJFrame and samples
- JDK-8340799: Add border inside instruction frame in PassFailJFrame
- JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe
- JDK-8340815: Add SECURITY.md file
- JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows
- JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter
- JDK-8341235: Improve default instruction frame title in PassFailJFrame
- JDK-8341562: RISC-V: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341635: [17u] runtime/ErrorHandling/ClassPathEnvVar test ignores external VM flags
- JDK-8341688: Aarch64: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341806: Gcc version detection failure on Alinux3
- JDK-8341927: Replace hardcoded security providers with new test.provider.name system property
- JDK-8341997: Tests create files in src tree instead of scratch dir
- JDK-8342181: Update tests to use stronger Key and Salt size
- JDK-8342183: Update tests to use stronger algorithms and keys
- JDK-8342188: Update tests to use stronger key parameters and certificates
- JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress
- JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing
- JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097
- JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option
- JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes
- JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes
- JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100%
- JDK-8343474: [updates] Customize README.md to specifics of update project
- JDK-8343687: [17u] TestAntiDependencyForPinnedLoads requires UTF-8
- JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927
- JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted
- JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners
- JDK-8347011: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.14

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released: Tue Feb 4 08:10:23 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1236460,CVE-2022-49043

This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
  (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:355-1
Released: Tue Feb 4 13:59:25 2025
Summary: Security update for bind
Type: security
Severity: important
References: 1236596,1236597,CVE-2024-11187,CVE-2024-12705

This update for bind fixes the following issues:

Update to release 9.18.33

Security Fixes:

- CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)
- CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:358-1
Released: Wed Feb 5 10:06:22 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1235873

This update for permissions fixes the following issues:

- Version update 20240826:
  * permissions: remove legacy and nonsensical entries.
  * permissions: remove traceroute entry.
  * permissions: remove outdated sudo directories.
  * permissions: remove legacy RPM directory entries.
  * permissions: remove some static /var/spool/* dirs.
  * permissions: remove unnecessary static dirs and devices (bsc#1235873).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:363-1
Released: Wed Feb 5 11:01:45 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1216091,1229106,1232458,1234752,1235636

This update for libzypp, zypper fixes the following issues:

- Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458)
- Fix missing UID checks in repomanager workflow
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
- Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106)
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- lr: show the repositories keep-packages flag (bsc#1232458)
  It is shown in the details view or by using -k,--keep-packages. In addition libzypp supports to enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there.
- Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752)
  An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo.
- Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:58-1
Released: Wed Feb 5 11:33:59 2025
Summary: Security update for tomcat
Type: security
Severity: important
References: 1233435,1234663,1234664,1236809,CVE-2024-50379,CVE-2024-52317,CVE-2024-54677,CVE-2024-56337

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.98

- Fixed CVEs:
  + CVE-2024-54677: DoS in examples web application (bsc#1234664)
  + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
  + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
  + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo)
  + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm)
  + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm)
  + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt)
  + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm)
  + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt)
  + Fix: 69444: Ensure that the javax.servlet.error.message request attribute is set when an application defined error page is called. (markt)
  + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm)
  + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm)
  + Fix: Use client locale for directory listings. (remm)
  + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
  + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt)
  + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt)
  + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt)
  + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt)
  + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm)
  + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
  + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt)
  + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt)
  + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt)
  + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm)
  + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt)
  + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt)
  + Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
  + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt)
- Jasper
  + Fix: Further optimise EL evaluation of method parameters. Patch provided by Paolo B. (markt)
  + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt)
- Web applications
  + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
  + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt)
  + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt)
  + Fix: Examples.
Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt) + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt) + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt) + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt) + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt) + Fix: Examples. Remove JSP calendar example. (markt) - Other + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt) + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt) + Update: Update EasyMock to 5.5.0. (markt) + Update: Update Checkstyle to 10.20.2. (markt) + Update: Update BND to 7.1.0. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Korean translations. (markt) + Add: Improvements to Chinese translations. (markt) + Add: Improvements to Japanese translations by tak7iji. (markt) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:367-1 Released: Wed Feb 5 14:25:31 2025 Summary: Recommended update for gcc7 Type: recommended Severity: moderate References: 1236267 This update for gcc7 fixes the following issues: - Fix vec_madd and vec_msub vector intrinsics on s390x. 
[bsc#1236267] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:404-1 Released: Mon Feb 10 12:49:48 2025 Summary: Security update for rsync Type: security Severity: moderate References: 1233760 This update for rsync fixes the following issues: - Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:424-1 Released: Tue Feb 11 11:31:10 2025 Summary: Security update for python3-numpy Type: security Severity: moderate References: 1193911,1236787,CVE-2021-41495 This update for python3-numpy fixes the following issues: - CVE-2021-41495: missing return value validation can lead to null pointer dereference. (bsc#1193911) Other bug fixes: - Correction of advance in PCG with emulated int128. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:433-1 Released: Tue Feb 11 17:40:33 2025 Summary: Recommended update for skelcd Type: recommended Severity: moderate References: This update for skelcd fixes the following issues: - add SUSE logo into BCI skelcd (jsc#PED-12111) - Update EULA with SLE BCI section (jsc#SLE-18082) Else in case beta EULAs have a more recent date than final EULAs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:438-1 Released: Wed Feb 12 06:06:59 2025 Summary: Recommended update for bouncycastle, jsch, ed25519-java Type: recommended Severity: moderate References: This update for bouncycastle, jsch and ed25519-java fixes the following issues: bouncycastle was updated from version 1.78 to 1.79: - Bugfixes to address issues with: * Ed25519 signatures * Elephant cipher handling of large messages * CMSSignedData signer replacement * ERSInputStreamData hashing * CRL loading * EC curve name lookups * PhotonBeetle and Xoodyak digest resetting * OCSP caching * Java 21 provider service handling * CMS version 
calculation * Incorrect PGP armored output version strings * PGP algorithm lookups - New Features and Functionalities: * Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA. * The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA (including pre-hash) have been added to the BC provider and the lightweight API. * A new spec, ContextParameterSpec, has been added to support signature contexts for ML-DSA and SLH-DSA. * BCJSSE: Added support for security property 'jdk.tls.server.defaultDHEParameters' (disabled in FIPS mode). * BCJSSE: Added support for signature_algorithms_cert configuration via 'org.bouncycastle.jsse.client.SignatureSchemesCert' and 'org.bouncycastle.jsse.server.SignatureSchemesCert' system properties or BCSSLParameters property 'SignatureSchemesCert'. * BCJSSE: Added support for boolean system property 'org.bouncycastle.jsse.fips.allowGCMCiphersIn12' (false by default). * (D)TLS: Removed redundant verification of self-generated RSA signatures. * CompositePrivateKeys now support the latest revision of the composite signature draft. * Delta Certificates now support the latest revision of the delta certificate extension draft. * A general KeyIdentifier class, encapsulating both PGP KeyID and the PGP key fingerprint has been added to the PGP API. * Support for the LibrePGP PreferredEncryptionModes signature subpacket has been added to the PGP API. * Support for Version 6 signatures, including salts, has been added to the PGP API. * Support for the PreferredKeyServer signature subpacket has been added to the PGP API. * Support for RFC 9269, 'Using KEMs in Cryptographic Message Syntax (CMS)', has been added to the CMS API. * Support for the Argon2 S2K has been added to the PGP API. * The system property 'org.bouncycastle.pemreader.lax' has been introduced for situations where the BC PEM parsing is now too strict. * The system property 'org.bouncycastle.ec.disable_f2m' has been introduced to allow F2m EC support to be disabled.
jsch was updated from version 0.2.15 to 0.2.22: - Key changes across these versions: * Authentication and logging improvements * Date handling improvements using java.time classes * DHGEX prime modulus enforcement * Expanded KEX algorithm support, this requires Bouncy Castle * Fixed a GSSAPI authentication issue * Fixed possible rekeying timeouts * Fixed SignatureECDSAN private key handling * Improved handling of negated patterns * Introduction of JSchProxyException * Modernized fingerprint output * More accurate ext-info logging * PBKDF2 algorithm additions (SHA512/256 & SHA512/224) ed25519-java: - Fixed minor build issues ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). 
----------------------------------------------------------------- Advisory ID: SUSE-Manager-5.0-2025-523 Released: Fri Feb 14 08:15:57 2025 Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1027642,1212161,1212985,1213437,1215815,1216683,1216946,1217338,1220494,1220902,1221219,1222447,1222574,1222820,1224318,1226958,1227374,1227644,1227759,1227827,1227852,1227882,1228182,1228232,1228261,1228319,1228351,1228856,1228956,1229000,1229077,1229079,1229286,1229848,1229902,1230502,1230585,1230670,1230741,1230833,1230943,1231053,1231255,1231377,1231378,1231398,1231404,1231430,1231459,1231762,1232042,1232125,1232530,1232713,1233258,1233383,1233400,1233426,1233431,1233450,1233497,1233595,1233696,1233724,1233761,1233793,1233871,1233884,1234251,1234441,1234994,1235145,1235692,1235908,CVE-2024-21528,CVE-2024-45801 Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:543-1 Released: Fri Feb 14 08:22:40 2025 Summary: Recommended update for salt Type: recommended Severity: important References: 1228182,1228690,1233667 This update for salt fixes the following issues: - Revert setting SELinux context for minion service (bsc#1233667) - Removed System V init support - Fix the condition of alternatives for Tumbleweed and Leap 16 - Build all python bindings for all flavors - Make minion reconnecting on changing master IP (bsc#1228182) - Handle logger exception when flushing already closed file - Include passlib as a recommended dependency - Make Salt Bundle more tolerant to long running jobs (bsc#1228690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:544-1 Released: Fri Feb 14 08:23:37 2025 Summary: Recommended update for salt Type: recommended Severity: important References: 1228182,1228690,1233667 This 
update for salt fixes the following issues: - Revert setting SELinux context for minion service (bsc#1233667) - Removed System V init support - Fix the condition of alternatives for Tumbleweed and Leap 16 - Build all python bindings for all flavors - Make minion reconnecting on changing master IP (bsc#1228182) - Handle logger exception when flushing already closed file - Include passlib as a recommended dependency - Make Salt Bundle more tolerant to long running jobs (bsc#1228690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete.
(bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - libtasn1-4.13-150000.4.11.1 updated - permissions-20240826-150600.10.18.2 updated - glibc-2.38-150600.14.20.3 updated - libtasn1-6-4.13-150000.4.11.1 updated - crypto-policies-20230920.570ea89-150600.3.3.1 updated - libopenssl3-3.1.4-150600.5.24.1 updated - libxml2-2-2.10.3-150500.5.20.1 updated - openssl-3-3.1.4-150600.5.24.1 updated - krb5-1.20.1-150600.11.8.1 updated - libzypp-17.35.19-150600.3.44.1 updated - libasan4-7.5.0+r278197-150000.4.44.1 updated - branch-network-formula-0.1.1728559936.c16d4fb-150600.3.3.3 updated - zypper-1.14.81-150600.10.22.1 updated - libcilkrts5-7.5.0+r278197-150000.4.44.1 updated - libctf-nobfd0-2.43-150100.7.52.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated - libudev1-254.23-150600.4.25.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - glibc-locale-base-2.38-150600.14.20.3 updated - libsystemd0-254.23-150600.4.25.1 updated - systemd-254.23-150600.4.25.1 updated - curl-8.6.0-150600.4.21.1 updated - libipa_hbac0-2.9.3-150600.3.18.3 updated - libnl-config-3.9.0-150600.15.4.4 updated - libsss_idmap0-2.9.3-150600.3.18.3 updated - libsss_nss_idmap0-2.9.3-150600.3.18.3 updated - libubsan0-7.5.0+r278197-150000.4.44.1 updated - libxml2-tools-2.10.3-150500.5.20.1 updated - pxe-formula-0.3.0-150600.3.3.3 updated - release-notes-susemanager-5.0.3-150600.11.24.1 updated - skelcd-EULA-suse-manager-server-container-20250207-150600.3.3.1 updated - susemanager-schema-utility-5.0.13-150600.3.9.3 updated - 
uyuni-config-modules-5.0.12-150600.3.9.3 updated - vim-data-common-9.1.0836-150500.20.18.1 updated - woodstox-4.4.2-150600.3.3.3 updated - glibc-locale-2.38-150600.14.20.3 updated - libctf0-2.43-150100.7.52.1 updated - binutils-2.43-150100.7.52.1 updated - libnl3-200-3.9.0-150600.15.4.4 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - python3-curses-3.6.15-150300.10.81.1 updated - libgfortran4-7.5.0+r278197-150000.4.44.1 updated - libsss_certmap0-2.9.3-150600.3.18.3 updated - bind-utils-9.18.33-150600.3.6.1 updated - glibc-devel-2.38-150600.14.20.3 updated - susemanager-docs_en-5.0.3-150600.11.9.3 updated - spacewalk-java-lib-5.0.19-150600.3.14.4 updated - vim-9.1.0836-150500.20.18.1 updated - apache2-prefork-2.4.58-150600.5.32.2 updated - cpp7-7.5.0+r278197-150000.4.44.1 updated - python3-netaddr-0.7.19-150400.9.3.1 updated - susemanager-docs_en-pdf-5.0.3-150600.11.9.3 updated - susemanager-schema-5.0.13-150600.3.9.3 updated - susemanager-sync-data-5.0.9-150600.3.11.3 updated - rsync-3.2.7-150600.3.11.1 updated - apache2-2.4.58-150600.5.32.2 updated - gcc7-7.5.0+r278197-150000.4.44.1 updated - python3-libxml2-2.10.3-150500.5.20.1 updated - python3-numpy-1.17.3-150400.31.1 updated - sssd-ldap-2.9.3-150600.3.18.3 updated - sssd-2.9.3-150600.3.18.3 updated - sssd-krb5-common-2.9.3-150600.3.18.3 updated - supportutils-plugin-salt-1.2.3-150600.4.3.3 updated - java-17-openjdk-headless-17.0.14.0-150400.3.51.1 updated - java-11-openjdk-headless-11.0.26.0-150000.3.122.1 updated - susemanager-build-keys-15.5.3-150600.5.6.3 updated - grub2-powerpc-ieee1275-2.12-150600.8.12.1 added - grub2-arm64-efi-2.12-150600.8.12.1 added - spacecmd-5.0.11-150600.4.9.3 updated - python3-Jinja2-2.10.1-150000.3.18.1 updated - spacewalk-backend-sql-postgresql-5.0.11-150600.4.9.5 updated - sssd-krb5-2.9.3-150600.3.18.3 updated - sssd-dbus-2.9.3-150600.3.18.3 updated - 
python3-sssd-config-2.9.3-150600.3.18.3 updated - sssd-ad-2.9.3-150600.3.18.3 updated - tomcat-servlet-4_0-api-9.0.98-150200.74.1 updated - tomcat-el-3_0-api-9.0.98-150200.74.1 updated - jsch-0.2.22-150200.11.16.2 updated - jctools-4.0.5-150200.3.9.1 updated - aalto-xml-1.3.3-150200.5.3.1 added - java-17-openjdk-17.0.14.0-150400.3.51.1 updated - java-11-openjdk-11.0.26.0-150000.3.122.1 updated - spacewalk-base-minimal-5.0.16-150600.3.13.5 updated - susemanager-build-keys-web-15.5.3-150600.5.6.3 updated - spacewalk-config-5.0.5-150600.3.6.3 updated - python3-Flask-1.0.4-150400.10.1 updated - sssd-tools-2.9.3-150600.3.18.3 updated - sssd-ipa-2.9.3-150600.3.18.3 updated - tomcat-jsp-2_3-api-9.0.98-150200.74.1 updated - netty-4.1.115-150200.4.26.1 updated - spacewalk-base-minimal-config-5.0.16-150600.3.13.5 updated - tomcat-lib-9.0.98-150200.74.1 updated - spacewalk-backend-5.0.11-150600.4.9.5 updated - python3-spacewalk-client-tools-5.0.8-150600.4.6.3 updated - spacewalk-client-tools-5.0.8-150600.4.6.3 updated - spacewalk-base-5.0.16-150600.3.13.5 updated - spacewalk-search-5.0.3-150600.3.3.3 updated - salt-3006.0-150500.4.47.1 updated - python3-salt-3006.0-150500.4.47.1 updated - spacewalk-backend-sql-5.0.11-150600.4.9.5 updated - tomcat-9.0.98-150200.74.1 updated - salt-master-3006.0-150500.4.47.1 updated - cobbler-3.3.3-150600.5.11.3 updated - spacewalk-backend-server-5.0.11-150600.4.9.5 updated - susemanager-sls-5.0.12-150600.3.9.3 updated - spacewalk-java-postgresql-5.0.19-150600.3.14.4 updated - spacewalk-java-config-5.0.19-150600.3.14.4 updated - salt-api-3006.0-150500.4.47.1 updated - locale-formula-0.4.0-150600.3.3.3 updated - spacewalk-backend-xmlrpc-5.0.11-150600.4.9.5 updated - spacewalk-backend-xml-export-libs-5.0.11-150600.4.9.5 updated - spacewalk-backend-package-push-server-5.0.11-150600.4.9.5 updated - spacewalk-backend-iss-5.0.11-150600.4.9.5 updated - spacewalk-backend-app-5.0.11-150600.4.9.5 updated - 
saltboot-formula-0.1.1728559936.c16d4fb-150600.3.3.3 updated - spacewalk-html-5.0.16-150600.3.13.5 updated - spacewalk-taskomatic-5.0.19-150600.3.14.4 updated - spacewalk-java-5.0.19-150600.3.14.4 updated - spacewalk-backend-iss-export-5.0.11-150600.4.9.5 updated - susemanager-tools-5.0.11-150600.3.9.3 updated - spacewalk-backend-tools-5.0.11-150600.4.9.5 updated - supportutils-plugin-susemanager-5.0.5-150600.3.6.3 updated - spacewalk-utils-5.0.6-150600.3.6.3 updated - spacewalk-setup-5.0.7-150600.3.6.3 updated - susemanager-5.0.11-150600.3.9.3 updated - container:suse-manager-5.0-init-5.0.3-5.0.3-7.9.5 added - container:suse-manager-5.0-init-5.0.2-5.0.2-7.6.16 removed - dwr-3.0.2-0.150600.10.5 removed - python3-jmespath-0.9.3-150000.3.5.1 removed - python3-ply-3.10-150000.3.5.1 removed - python3-simplejson-3.17.2-150300.3.4.1 removed From sle-container-updates at lists.suse.com Mon Feb 17 15:03:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 17 Feb 2025 16:03:47 +0100 (CET) Subject: SUSE-CU-2025:997-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250217150347.CA670FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:997-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.31.16 , bci/bci-sle15-kernel-module-devel:latest Container Release : 31.16 Severity : important Type : security References : 1012628 1194869 1215199 1216813 1218470 1220711 1221326 1222803 1224049 1225897 1226980 1228592 1229833 1231016 1231088 1231472 1232087 1232101 1232158 1232161 1232421 1232882 1233055 1233112 1233221 1233248 1233259 1233260 1233488 1233522 1233638 1233642 1233778 1234195 1234619 1234635 1234683 1234693 1234726 1234825 1234863 1234887 1234888 1234893 1234898 1234901 1234906 1234923 1234931 1234934 1234947 
1234957 1235000 1235001 1235011 1235031 1235032 1235035 1235037 1235038 1235039 1235040 1235042 1235043 1235046 1235050 1235051 1235053 1235054 1235057 1235059 1235065 1235070 1235073 1235100 1235112 1235115 1235117 1235122 1235123 1235125 1235132 1235133 1235155 1235160 1235217 1235219 1235220 1235222 1235223 1235224 1235227 1235230 1235241 1235244 1235249 1235251 1235252 1235389 1235390 1235391 1235406 1235410 1235412 1235413 1235415 1235416 1235417 1235418 1235423 1235424 1235425 1235426 1235427 1235428 1235429 1235430 1235433 1235437 1235439 1235441 1235444 1235445 1235449 1235451 1235454 1235458 1235459 1235464 1235466 1235473 1235479 1235480 1235483 1235486 1235487 1235488 1235489 1235491 1235494 1235495 1235496 1235497 1235498 1235500 1235502 1235503 1235519 1235520 1235521 1235523 1235526 1235528 1235532 1235533 1235534 1235537 1235538 1235545 1235552 1235555 1235557 1235563 1235564 1235565 1235568 1235570 1235571 1235577 1235578 1235582 1235583 1235584 1235587 1235611 1235612 1235616 1235622 1235627 1235632 1235635 1235638 1235641 1235643 1235645 1235646 1235647 1235650 1235653 1235656 1235657 1235663 1235686 1235700 1235705 1235707 1235708 1235710 1235714 1235716 1235720 1235723 1235727 1235730 1235737 1235739 1235745 1235747 1235750 1235753 1235759 1235764 1235768 1235776 1235777 1235778 1235779 1235793 1235798 1235806 1235808 1235812 1235814 1235818 1235842 1235865 1235874 1235894 1235902 1235903 1235906 1235914 1235918 1235919 1235920 1235924 1235940 1235941 1235946 1235948 1235952 1235964 1235965 1235967 1235969 1235976 1235977 1236078 1236080 1236082 1236088 1236090 1236091 1236096 1236097 1236098 1236101 1236102 1236104 1236106 1236120 1236125 1236127 1236131 1236136 1236138 1236143 1236144 1236145 1236160 1236161 1236163 1236168 1236178 1236180 1236181 1236182 1236190 1236192 1236198 1236227 1236245 1236247 1236248 1236260 1236262 1236619 1236628 1236680 1236683 1236685 1236688 1236694 1236696 1236698 1236703 1236705 1236732 1236733 1236757 1236758 
1236760 1236761 1236960 CVE-2023-52489 CVE-2023-52923 CVE-2024-13176 CVE-2024-26810 CVE-2024-36476 CVE-2024-39282 CVE-2024-43913 CVE-2024-45828 CVE-2024-46858 CVE-2024-46896 CVE-2024-47141 CVE-2024-47143 CVE-2024-47809 CVE-2024-48873 CVE-2024-48881 CVE-2024-49569 CVE-2024-49948 CVE-2024-49951 CVE-2024-49978 CVE-2024-49998 CVE-2024-50051 CVE-2024-50106 CVE-2024-50151 CVE-2024-50199 CVE-2024-50251 CVE-2024-50258 CVE-2024-50299 CVE-2024-50304 CVE-2024-52332 CVE-2024-53091 CVE-2024-53095 CVE-2024-53164 CVE-2024-53168 CVE-2024-53170 CVE-2024-53172 CVE-2024-53175 CVE-2024-53185 CVE-2024-53187 CVE-2024-53194 CVE-2024-53195 CVE-2024-53196 CVE-2024-53197 CVE-2024-53198 CVE-2024-53203 CVE-2024-53227 CVE-2024-53230 CVE-2024-53231 CVE-2024-53232 CVE-2024-53233 CVE-2024-53236 CVE-2024-53239 CVE-2024-53685 CVE-2024-53690 CVE-2024-54680 CVE-2024-55639 CVE-2024-55881 CVE-2024-55916 CVE-2024-56369 CVE-2024-56372 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56538 CVE-2024-56543 CVE-2024-56546 CVE-2024-56548 CVE-2024-56557 CVE-2024-56558 CVE-2024-56568 CVE-2024-56569 CVE-2024-56570 CVE-2024-56571 CVE-2024-56572 CVE-2024-56573 CVE-2024-56574 CVE-2024-56575 CVE-2024-56577 CVE-2024-56578 CVE-2024-56584 CVE-2024-56587 CVE-2024-56588 CVE-2024-56589 CVE-2024-56590 CVE-2024-56592 CVE-2024-56593 CVE-2024-56594 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56598 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56603 CVE-2024-56606 CVE-2024-56607 CVE-2024-56608 CVE-2024-56609 CVE-2024-56610 CVE-2024-56611 CVE-2024-56614 CVE-2024-56615 CVE-2024-56616 CVE-2024-56617 CVE-2024-56619 CVE-2024-56620 CVE-2024-56622 CVE-2024-56623 CVE-2024-56625 CVE-2024-56629 CVE-2024-56630 CVE-2024-56631 CVE-2024-56632 CVE-2024-56634 CVE-2024-56635 CVE-2024-56636 CVE-2024-56637 CVE-2024-56641 CVE-2024-56642 CVE-2024-56643 CVE-2024-56644 CVE-2024-56648 CVE-2024-56649 CVE-2024-56650 CVE-2024-56651 CVE-2024-56654 CVE-2024-56656 CVE-2024-56658 CVE-2024-56659 CVE-2024-56660 CVE-2024-56661 
CVE-2024-56662 CVE-2024-56663 CVE-2024-56664 CVE-2024-56665 CVE-2024-56670 CVE-2024-56672 CVE-2024-56675 CVE-2024-56677 CVE-2024-56678 CVE-2024-56679 CVE-2024-56681 CVE-2024-56683 CVE-2024-56687 CVE-2024-56688 CVE-2024-56690 CVE-2024-56691 CVE-2024-56693 CVE-2024-56694 CVE-2024-56698 CVE-2024-56700 CVE-2024-56701 CVE-2024-56704 CVE-2024-56705 CVE-2024-56707 CVE-2024-56708 CVE-2024-56709 CVE-2024-56712 CVE-2024-56715 CVE-2024-56716 CVE-2024-56722 CVE-2024-56723 CVE-2024-56724 CVE-2024-56725 CVE-2024-56726 CVE-2024-56727 CVE-2024-56728 CVE-2024-56729 CVE-2024-56739 CVE-2024-56741 CVE-2024-56745 CVE-2024-56746 CVE-2024-56747 CVE-2024-56748 CVE-2024-56759 CVE-2024-56760 CVE-2024-56763 CVE-2024-56765 CVE-2024-56766 CVE-2024-56767 CVE-2024-56769 CVE-2024-56774 CVE-2024-56775 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-56779 CVE-2024-56780 CVE-2024-56787 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57795 CVE-2024-57798 CVE-2024-57801 CVE-2024-57802 CVE-2024-57804 CVE-2024-57809 CVE-2024-57838 CVE-2024-57849 CVE-2024-57850 CVE-2024-57857 CVE-2024-57874 CVE-2024-57876 CVE-2024-57882 CVE-2024-57884 CVE-2024-57887 CVE-2024-57888 CVE-2024-57890 CVE-2024-57892 CVE-2024-57893 CVE-2024-57896 CVE-2024-57897 CVE-2024-57899 CVE-2024-57903 CVE-2024-57904 CVE-2024-57906 CVE-2024-57907 CVE-2024-57908 CVE-2024-57910 CVE-2024-57911 CVE-2024-57912 CVE-2024-57913 CVE-2024-57915 CVE-2024-57916 CVE-2024-57917 CVE-2024-57922 CVE-2024-57926 CVE-2024-57929 CVE-2024-57931 CVE-2024-57932 CVE-2024-57933 CVE-2024-57935 CVE-2024-57936 CVE-2024-57938 CVE-2024-57940 CVE-2024-57946 CVE-2025-0938 CVE-2025-21632 CVE-2025-21645 CVE-2025-21646 CVE-2025-21649 CVE-2025-21650 CVE-2025-21651 CVE-2025-21652 CVE-2025-21653 CVE-2025-21655 CVE-2025-21656 CVE-2025-21662 CVE-2025-21663 CVE-2025-21664 CVE-2025-21666 CVE-2025-21669 CVE-2025-21670 CVE-2025-21674 CVE-2025-21675 CVE-2025-21676 CVE-2025-21678 CVE-2025-21682 CVE-2025-24528 ----------------------------------------------------------------- 
The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:430-1 Released: Tue Feb 11 15:13:32 2025 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1236136,CVE-2024-13176 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:499-1 Released: Thu Feb 13 09:14:42 2025 Summary: Security update for the Linux Kernel Type: security Severity: important The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). 
- CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). 
- CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). 
- CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). 
- CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). 
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). 
- CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-26810: vfio/pci: Lock external INTx masking ops (bsc#1222803). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). 
- ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). 
- Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). 
- NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). 
- RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). 
- afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). 
- cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). 
- crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - devcoredump: cleanup some comments (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). 
- drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). 
- drm/v3d: Stop active perfmon if it is being destroyed (git-fixes).
- drm/vmwgfx: Add new keep_resv BO param (git-fixes).
- exfat: ensure that ctime is updated whenever the mtime is (git-fixes).
- exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes).
- exfat: fix the infinite loop in exfat_readdir() (git-fixes).
- fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes).
- genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes).
- genksyms: fix memory leak when the same symbol is added from source (git-fixes).
- genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes).
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes).
- gpio: mxc: remove dead code after switch to DT-only (git-fixes).
- gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes).
- hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes).
- hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes).
- hwmon: (tmp513) Fix division of negative numbers (git-fixes).
- hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes).
- i2c: core: fix reference leak in i2c_register_adapter() (git-fixes).
- i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes).
- i2c: i801: Add support for Intel Panther Lake (stable-fixes).
- i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes).
- i2c: rcar: fix NACK handling when being a target (git-fixes).
- i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes).
- ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes).
- iio: adc: ad7124: Disable all channels at probe time (git-fixes).
- iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes).
- iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes).
- iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes).
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes).
- iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes).
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes).
- iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes).
- iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes).
- iio: imu: kmx61: fix information leak in triggered buffer (git-fixes).
- iio: inkern: call iio_device_put() only on mapped devices (git-fixes).
- iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes).
- iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes).
- iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes).
- iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes).
- intel_th: core: fix kernel-doc warnings (git-fixes).
- ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes).
- ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes).
- irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes).
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes).
- kABI workaround for struct auto_pin_cfg_item change (git-fixes).
- kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes).
- kheaders: Ignore silly-rename files (stable-fixes).
- ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes).
- ktest.pl: Check kernelrelease return in get_version (git-fixes).
- ktest.pl: Fix typo 'accesing' (git-fixes).
- ktest.pl: Fix typo in comment (git-fixes).
- ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes).
- ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes).
- landlock: Handle weird files (git-fixes).
- latencytop: use correct kernel-doc format for func params (git-fixes).
- leds: lp8860: Write full EEPROM, not only half of it (git-fixes).
- leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes).
- lib/inflate.c: remove dead code (git-fixes).
- lib/stackdepot: print disabled message only if truly disabled (git-fixes).
- mac802154: check local interfaces before deleting sdata list (stable-fixes).
- mailbox: pcc: Add support for platform notification handling (stable-fixes).
- mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes).
- mailbox: tegra-hsp: Clear mailbox before using message (git-fixes).
- maple_tree: simplify split calculation (git-fixes).
- media: camif-core: Add check for clk_enable() (git-fixes).
- media: ccs: Clean up parsed CCS static data on parse failure (git-fixes).
- media: ccs: Fix CCS static data parsing for large block sizes (git-fixes).
- media: ccs: Fix cleanup order in ccs_probe() (git-fixes).
- media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes).
- media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes).
- media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes).
- media: i2c: imx412: Add missing newline to prints (git-fixes).
- media: i2c: ov9282: Correct the exposure offset (git-fixes).
- media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes).
- media: imx296: Add standby delay during probe (git-fixes).
- media: lmedm04: Handle errors for lme2510_int_read (git-fixes).
- media: marvell: Add check for clk_enable() (git-fixes).
- media: mc: fix endpoint iteration (git-fixes).
- media: mipi-csis: Add check for clk_enable() (git-fixes).
- media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes).
- media: ov08x40: Fix hblank out of range issue (git-fixes).
- media: ov5640: fix get_light_freq on auto (git-fixes).
- media: rc: iguanair: handle timeouts (git-fixes).
- media: rkisp1: Fix unused value issue (git-fixes).
- media: uvcvideo: Drop uvcvideo fix due to regression (bsc#1235894)
- media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes).
- media: uvcvideo: Fix double free in error path (git-fixes).
- media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes).
- media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes).
- media: uvcvideo: Only save async fh if success (git-fixes).
- media: uvcvideo: Propagate buf->error to userspace (git-fixes).
- media: uvcvideo: Remove dangling pointers (git-fixes).
- media: uvcvideo: Remove redundant NULL assignment (git-fixes).
- media: uvcvideo: Support partial control reads (git-fixes).
- memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes).
- memory-failure: use a folio in me_huge_page() (git-fixes).
- memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes).
- misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes).
- misc: fastrpc: Fix copy buffer page size (git-fixes).
- misc: fastrpc: Fix registered buffer page address (git-fixes).
- misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes).
- misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes).
- misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes).
- mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)).
- mm/memory-failure: cast index to loff_t before shifting it (git-fixes).
- mm/memory-failure: check the mapcount of the precise page (git-fixes).
- mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes).
- mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes).
- mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes).
- mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes).
- mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes).
- mm/memory_hotplug: prevent accessing by index=-1 (git-fixes).
- mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes).
- mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes).
- mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes).
- mm/migrate: putback split folios when numa hint migration fails (git-fixes).
- mm/migrate: split source folio if it is on deferred split list (git-fixes).
- mm/page_owner: remove free_ts from page_owner output (git-fixes).
- mm/rodata_test: use READ_ONCE() to read const variable (git-fixes).
- mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes).
- mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes).
- mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes).
- mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes).
- mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes).
- mm: memory-failure: remove unneeded PageHuge() check (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- modpost: fix the missed iteration for the max bit in do_input() (git-fixes).
- mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes).
- mtd: spinand: Remove write_enable_op() in markbad() (git-fixes).
- net/rose: prevent integer overflows in rose_setsockopt() (git-fixes).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes).
- net: rose: fix timer races against user threads (git-fixes).
- net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes).
- net: usb: rtl8150: enable basic endpoint checking (git-fixes).
- net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes).
- net: wwan: t7xx: Fix FSM command timeout issue (git-fixes).
- netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454).
- nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes).
- nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes).
- nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes).
- nvme: Add error path for xa_store in nvme_init_effects (git-fixes).
- nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes).
- nvmet: propagate npwg topology (git-fixes).
- ocfs2: temporarily disable upstream patch (bsc#1236138)
- padata: add pd get/put refcnt helper (git-fixes).
- padata: avoid UAF for reorder_work (git-fixes).
- padata: fix UAF in padata_reorder (git-fixes).
- pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes).
- pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes).
- platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes).
- platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897).
- platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897).
- pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes).
- power: ip5xxx_power: Fix return value on ADC read errors (git-fixes).
- powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755).
- powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755).
- powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755).
- powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755).
- powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755).
- powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825).
- pps: add an error check in parport_attach (git-fixes).
- pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes).
- printk: Add is_printk_legacy_deferred() (bsc#1236733).
- printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733).
- pwm: stm32-lp: Add check for clk_enable() (git-fixes).
- pwm: stm32: Add check for clk_enable() (git-fixes).
- r8169: enable SG/TSO on selected chip versions per default (bsc#1235874).
- rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes)
- rcu/tree: Defer setting of jiffies during stall reset (git-fixes)
- rcu: Dump memory object info if callback function is invalid (git-fixes)
- rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes)
- rcuscale: Move rcu_scale_writer() (git-fixes)
- rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes)
- regulator: core: Add missing newline character (git-fixes).
- regulator: of: Implement the unwind path of of_regulator_match() (git-fixes).
- remoteproc: core: Fix ida_free call while not allocated (git-fixes).
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes).
- rtc: zynqmp: Fix optional clock name property (git-fixes).
- s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646)
- samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes).
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865).
- sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865).
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes).
- seccomp: Stub for !CONFIG_SECCOMP (stable-fixes).
- selftest: media_tests: fix trivial UAF typo (git-fixes).
- selftests/alsa: Fix circular dependency involving global-timer (stable-fixes).
- selftests/landlock: Fix error message (git-fixes).
- selftests/mm/cow: modify the incorrect checking parameters (git-fixes).
- selftests/powerpc: Fix argument order to timer_sub() (git-fixes).
- selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes).
- selftests: mptcp: avoid spurious errors on disconnect (git-fixes).
- selftests: tc-testing: reduce rshift value (stable-fixes).
- selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes).
- selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes).
- serial: 8250: Adjust the timeout for FIFO mode (git-fixes).
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes).
- serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes).
- soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes).
- soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes).
- soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes).
- soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes).
- sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes).
- sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes).
- spi: zynq-qspi: Add check for clk_enable() (git-fixes).
- srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes)
- srcu: Only accelerate on enqueue time (git-fixes)
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes).
- staging: iio: ad9832: Correct phase range check (git-fixes).
- staging: iio: ad9834: Correct phase range check (git-fixes).
- staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes).
- staging: media: max96712: fix kernel oops when removing module (git-fixes).
- thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes).
- thunderbolt: Add support for Intel Lunar Lake (stable-fixes).
- thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- tools: Sync if_xdp.h uapi tooling header (git-fixes).
- tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421).
- tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes).
- tty: xilinx_uartps: split sysrq handling (git-fixes).
- ubifs: skip dumping tnc tree when zroot is null (git-fixes).
- uio: Fix return value of poll (git-fixes).
- uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes).
- usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes).
- usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes).
- usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes).
- usb: dwc3-am62: Disable autosuspend during remove (git-fixes).
- usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes).
- usb: dwc3: gadget: fix writing NYET threshold (git-fixes).
- usb: fix reference leak in usb_new_device() (git-fixes).
- usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes).
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes).
- usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes).
- usb: gadget: f_tcm: Do not free command immediately (git-fixes).
- usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes).
- usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes).
- usb: gadget: f_tcm: Translate error to sense (git-fixes).
- usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes).
- usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes).
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes).
- usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes).
- usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001)
- usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes).
- usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes).
- usbnet: ipheth: break up NCM header size computation (git-fixes).
- usbnet: ipheth: check that DPE points past NCM header (git-fixes).
- usbnet: ipheth: fix DPE OoB read (git-fixes).
- usbnet: ipheth: fix possible overflow in DPE length check (git-fixes).
- usbnet: ipheth: refactor NCM datagram loop (git-fixes).
- usbnet: ipheth: use static NDP16 location in URB (git-fixes).
- virtio-mem: check if the config changed before fake offlining memory (git-fixes).
- virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes).
- virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes).
- virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes).
- vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes).
- vsock/virtio: cancel close work in the destructor (git-fixes)
- vsock: Keep the binding until socket destruction (git-fixes)
- vsock: reset socket state when de-assigning the transport (git-fixes)
- watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes).
- watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes).
- watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes).
- wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes).
- wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes).
- wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes).
- wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes).
- wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes).
- wifi: cfg80211: adjust allocation of colocated AP data (git-fixes).
- wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes).
- wifi: mac80211: Add non-atomic station iterator (stable-fixes).
- wifi: mac80211: Fix common size calculation for ML element (git-fixes).
- wifi: mac80211: do not flush non-uploaded STAs (git-fixes).
- wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes).
- wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes).
- wifi: mac80211: fix tid removal during mesh forwarding (git-fixes).
- wifi: mac80211: prohibit deactivating all links (git-fixes).
- wifi: mac80211: wake the queues in case of failure in resume (stable-fixes).
- wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes).
- wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes).
- wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes).
- wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes).
- wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes).
- wifi: mt76: mt7915: fix register mapping (git-fixes).
- wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes).
- wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes).
- wifi: mt76: mt7996: add max mpdu len capability (git-fixes).
- wifi: mt76: mt7996: fix HE Phy capability (git-fixes).
- wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes).
- wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes).
- wifi: mt76: mt7996: fix ldpc setting (git-fixes).
- wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes).
- wifi: mt76: mt7996: fix register mapping (git-fixes).
- wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes).
- wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes).
- wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes).
- wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes).
- wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes).
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes).
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes).
- wifi: rtlwifi: remove unused check_buddy_priv (git-fixes).
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes).
- wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes).
- wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes).
- wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes).
- wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes).
- wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes).
- wifi: wcn36xx: fix channel survey memory allocation size (git-fixes).
- wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes).
- workqueue: Add rcu lock check at the end of work item execution (bsc#1236732).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
- xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes).
- xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:501-1
Released: Thu Feb 13 10:53:21 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1236960

This update for permissions fixes the following issues:

- Version update 20240826.
- Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472

This update for findutils fixes the following issue:

- fix crash when file system loop was encountered (bsc#1231472).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:554-1
Released: Fri Feb 14 16:10:40 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1236705,CVE-2025-0938

This update for python3 fixes the following issues:

- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse.
  (bsc#1236705)

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.3.1 updated
- libopenssl3-3.1.4-150600.5.24.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.24.1 updated
- krb5-1.20.1-150600.11.8.1 updated
- findutils-4.8.0-150300.3.3.2 updated
- permissions-20240826-150600.10.18.2 updated
- openssl-3-3.1.4-150600.5.24.1 updated
- kernel-macros-6.4.0-150600.23.38.1 updated
- kernel-devel-6.4.0-150600.23.38.1 updated
- python3-base-3.6.15-150300.10.81.1 updated
- libpython3_6m1_0-3.6.15-150300.10.81.1 updated
- kernel-default-devel-6.4.0-150600.23.38.1 updated
- kernel-syms-6.4.0-150600.23.38.1 updated
- container:registry.suse.com-bci-bci-base-15.6-ff9bb1eb8f07d6658b8e06b08c28e9e3fc913ea4e4742267a3c1172c9690b994-0 updated

From sle-container-updates at lists.suse.com Wed Feb 19 12:26:53 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 19 Feb 2025 13:26:53 +0100 (CET)
Subject: SUSE-CU-2025:1115-1: Security update of bci/ruby
Message-ID: <20250219122653.2E35BFF49@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1115-1
Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.29 , bci/ruby:latest
Container Release : 31.29
Severity : low
Type : security
References : 1236282 CVE-2025-0395
-----------------------------------------------------------------

The container bci/ruby was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395

This update for glibc fixes the following issues:

- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)

The following package changes have been done:

- glibc-devel-2.38-150600.14.23.1 updated

From sle-container-updates at lists.suse.com Wed Feb 19 12:27:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 19 Feb 2025 13:27:20 +0100 (CET)
Subject: SUSE-CU-2025:1116-1: Security update of bci/rust
Message-ID: <20250219122720.2339AFF49@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1116-1
Container Tags : bci/rust:1.83 , bci/rust:1.83.0 , bci/rust:1.83.0-2.2.5 , bci/rust:oldstable , bci/rust:oldstable-2.2.5
Container Release : 2.5
Severity : low
Type : security
References : 1236282 CVE-2025-0395
-----------------------------------------------------------------

The container bci/rust was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395

This update for glibc fixes the following issues:

- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)

The following package changes have been done:

- glibc-devel-2.38-150600.14.23.1 updated

From sle-container-updates at lists.suse.com Wed Feb 19 12:24:40 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 19 Feb 2025 13:24:40 +0100 (CET)
Subject: SUSE-CU-2025:1103-1: Security update of bci/nodejs
Message-ID: <20250219122440.68D74FE98@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1103-1
Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.32 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.32 , bci/nodejs:latest
Container Release : 48.32
Severity : low
Type : security
References : 1236282 CVE-2025-0395
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395

This update for glibc fixes the following issues:

- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)

The following package changes have been done:

- glibc-2.38-150600.14.23.1 updated
- container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 19 12:24:08 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 19 Feb 2025 13:24:08 +0100 (CET)
Subject: SUSE-CU-2025:1101-1: Security update of suse/nginx
Message-ID: <20250219122408.7F2EEFE8A@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1101-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.28 , suse/nginx:latest
Container Release : 51.28
Severity : low
Type : security
References : 1236282 CVE-2025-0395
-----------------------------------------------------------------

The container suse/nginx was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395

This update for glibc fixes the following issues:

- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)

The following package changes have been done:

- glibc-2.38-150600.14.23.1 updated
- container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 19 12:21:30 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 19 Feb 2025 13:21:30 +0100 (CET)
Subject: SUSE-CU-2025:1093-1: Security update of bci/dotnet-aspnet
Message-ID: <20250219122130.4A139FCFE@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1093-1
Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.13 , bci/dotnet-aspnet:8.0.13-47.5
Container Release : 47.5
Severity : low
Type : security
References : 1236282 CVE-2025-0395
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395

This update for glibc fixes the following issues:

- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)

The following package changes have been done:

- glibc-2.38-150600.14.23.1 updated
- container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated

From sle-container-updates at lists.suse.com Wed Feb 19 12:22:25 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 19 Feb 2025 13:22:25 +0100 (CET)
Subject: SUSE-CU-2025:1096-1: Security update of bci/dotnet-sdk
Message-ID: <20250219122225.424B9FDD4@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1096-1
Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.2 , bci/dotnet-sdk:9.0.2-6.5 , bci/dotnet-sdk:latest
Container Release : 6.5
Severity : low
Type : security
References : 1236282 CVE-2025-0395
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:24:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:24:44 +0100 (CET) Subject: SUSE-CU-2025:1104-1: Recommended update of bci/nodejs Message-ID: <20250219122444.0A575FE9E@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1104-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.18 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.18 Container Release : 31.18 Severity : moderate Type : recommended References : 1229228 1231472 1233752 1234313 1234765 1236960 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated - libsystemd0-254.23-150600.4.25.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:21:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:21:43 +0100 (CET) Subject: SUSE-CU-2025:1094-1: Security update of bci/dotnet-aspnet Message-ID: <20250219122143.5884FFDA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1094-1 Container Tags : 
bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.2 , bci/dotnet-aspnet:9.0.2-5.5 , bci/dotnet-aspnet:latest Container Release : 5.5 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:24:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:24:44 +0100 (CET) Subject: SUSE-CU-2025:1105-1: Security update of bci/nodejs Message-ID: <20250219122444.CEE62FF1F@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1105-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.20 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.20 Container Release : 31.20 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:24:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:24:46 +0100 (CET) Subject: SUSE-CU-2025:1107-1: Security update of bci/openjdk Message-ID: <20250219122446.477D8FF22@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1107-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-3.4 Container Release : 3.4 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:20:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:20:56 +0100 (CET) Subject: SUSE-CU-2025:1092-1: Security update of suse/389-ds Message-ID: <20250219122056.4C9C5FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1092-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-52.13 , suse/389-ds:latest Container Release : 52.13 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:23:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:23:03 +0100 (CET) Subject: SUSE-CU-2025:1098-1: Security update of bci/dotnet-runtime Message-ID: <20250219122303.98AF0FE12@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1098-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.2 , bci/dotnet-runtime:9.0.2-5.5 , bci/dotnet-runtime:latest Container Release : 5.5 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:22:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:22:54 +0100 (CET) Subject: SUSE-CU-2025:1097-1: Security update of bci/dotnet-runtime Message-ID: <20250219122254.9F304FE07@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1097-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.13 , bci/dotnet-runtime:8.0.13-47.5 Container Release : 47.5 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:23:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:23:41 +0100 (CET) Subject: SUSE-CU-2025:1089-1: Security update of bci/bci-minimal Message-ID: <20250219122341.06849FE84@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1089-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.32.6 , bci/bci-minimal:latest Container Release : 32.6 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-minimal was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:22:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:22:16 +0100 (CET) Subject: SUSE-CU-2025:1095-1: Security update of bci/dotnet-sdk Message-ID: <20250219122216.084BEFDC6@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1095-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.13 , bci/dotnet-sdk:8.0.13-51.5 Container Release : 51.5 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:24:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:24:07 +0100 (CET) Subject: SUSE-CU-2025:1100-1: Recommended update of suse/nginx Message-ID: <20250219122407.82DADFE87@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1100-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.26 , suse/nginx:latest Container Release : 51.26 Severity : moderate Type : recommended References : 1231472 1236960 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:501-1 Released: Thu Feb 13 10:53:21 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1236960 This update for permissions fixes the following issues: - Version update 20240826. - Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). The following package changes have been done: - findutils-4.8.0-150300.3.3.2 updated - permissions-20240826-150600.10.18.2 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:26:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:26:24 +0100 (CET) Subject: SUSE-CU-2025:1114-1: Security update of suse/rmt-server Message-ID: <20250219122624.E5E66FF47@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1114-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-36.8 , suse/rmt-server:latest Container Release : 36.8 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/rmt-server was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:25:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:25:13 +0100 (CET) Subject: SUSE-CU-2025:1108-1: Security update of suse/postgres Message-ID: <20250219122513.326D1FF24@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1108-1 Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-60.4 Container Release : 60.4 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-locale-base-2.38-150600.14.23.1 updated - glibc-locale-2.38-150600.14.23.1 updated - container:suse-sle15-15.6-adc24c50f11083b971c80f30cbff133db5687808c68fa732191385119edde2a9-0 updated - container:registry.suse.com-bci-bci-micro-15.6-adc24c50f11083b971c80f30cbff133db5687808c68fa732191385119edde2a9-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:25:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:25:44 +0100 (CET) Subject: SUSE-CU-2025:1112-1: Security update of suse/mariadb-client Message-ID: <20250219122544.E3380FF29@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1112-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-56.11 , suse/mariadb-client:latest Container Release : 56.11 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/mariadb-client was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:suse-sle15-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:25:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:25:22 +0100 (CET) Subject: SUSE-CU-2025:1110-1: Security update of suse/postgres Message-ID: <20250219122522.D6171FF26@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1110-1 Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-41.4 , suse/postgres:latest Container Release : 41.4 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-locale-base-2.38-150600.14.23.1 updated - glibc-locale-2.38-150600.14.23.1 updated - container:suse-sle15-15.6-adc24c50f11083b971c80f30cbff133db5687808c68fa732191385119edde2a9-0 updated - container:registry.suse.com-bci-bci-micro-15.6-adc24c50f11083b971c80f30cbff133db5687808c68fa732191385119edde2a9-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:26:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:26:08 +0100 (CET) Subject: SUSE-CU-2025:1113-1: Security update of suse/mariadb Message-ID: <20250219122608.9B56FFF2E@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1113-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.13 , suse/mariadb:latest Container Release : 62.13 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/mariadb was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:suse-sle15-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:57:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:57:04 +0100 (CET) Subject: SUSE-CU-2025:1116-1: Security update of bci/rust Message-ID: <20250219125704.C170EFCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1116-1 Container Tags : bci/rust:1.83 , bci/rust:1.83.0 , bci/rust:1.83.0-2.2.5 , bci/rust:oldstable , bci/rust:oldstable-2.2.5 Container Release : 2.5 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-devel-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:57:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:57:28 +0100 (CET) Subject: SUSE-CU-2025:1117-1: Security update of bci/rust Message-ID: <20250219125728.65B7AFCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1117-1 Container Tags : bci/rust:1.84 , bci/rust:1.84.0 , bci/rust:1.84.0-1.2.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.5 Container Release : 2.5 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-devel-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:57:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:57:39 +0100 (CET) Subject: SUSE-CU-2025:1118-1: Security update of containers/apache-tomcat Message-ID: <20250219125739.7F607FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1118-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.27 Container Release : 62.27 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-base-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:57:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:57:52 +0100 (CET) Subject: SUSE-CU-2025:1119-1: Security update of containers/apache-tomcat Message-ID: <20250219125752.E2469FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1119-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.27 Container Release : 62.27 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-base-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:58:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:58:06 +0100 (CET) Subject: SUSE-CU-2025:1120-1: Security update of containers/apache-tomcat Message-ID: <20250219125806.BCE94FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1120-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.27 Container Release : 62.27 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-base-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:58:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:58:18 +0100 (CET) Subject: SUSE-CU-2025:1121-1: Security update of containers/apache-tomcat Message-ID: <20250219125818.476CEFCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1121-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.28 Container Release : 62.28 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-base-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:58:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:58:31 +0100 (CET) Subject: SUSE-CU-2025:1122-1: Security update of containers/apache-tomcat Message-ID: <20250219125831.2A91AFCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1122-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.28 Container Release : 62.28 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-base-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:58:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:58:43 +0100 (CET) Subject: SUSE-CU-2025:1123-1: Security update of containers/apache-tomcat Message-ID: <20250219125843.4F8DAFCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1123-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.28 Container Release : 62.28 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-base-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:58:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:58:53 +0100 (CET) Subject: SUSE-CU-2025:1124-1: Security update of containers/apache-tomcat Message-ID: <20250219125853.4D180FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1124-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.28 Container Release : 62.28 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-base-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:59:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:59:01 +0100 (CET) Subject: SUSE-CU-2025:1125-1: Security update of containers/python Message-ID: <20250219125901.E1826FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1125-1 Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-44.26 Container Release : 44.26 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:59:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:59:09 +0100 (CET) Subject: SUSE-CU-2025:1126-1: Security update of containers/python Message-ID: <20250219125909.DCB14FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1126-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.27 Container Release : 51.27 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 12:59:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 13:59:45 +0100 (CET) Subject: SUSE-CU-2025:1127-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250219125945.1C6B9FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1127-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.2 , bci/bci-sle15-kernel-module-devel:latest Container Release : 32.2 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-locale-base-2.38-150600.14.23.1 updated - glibc-locale-2.38-150600.14.23.1 updated - glibc-devel-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:00:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:00:12 +0100 (CET) Subject: SUSE-CU-2025:1128-1: Security update of suse/sle15 Message-ID: <20250219130012.9E572FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1128-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.12 , suse/sle15:15.6 , suse/sle15:15.6.47.20.12 Container Release : 47.20.12 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:00:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:00:39 +0100 (CET) Subject: SUSE-CU-2025:1129-1: Security update of bci/spack Message-ID: <20250219130039.C9D06FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1129-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-3.2 , bci/spack:latest Container Release : 3.2 Severity : important Type : security References : 1236282 1236878 CVE-2024-12133 CVE-2025-0395 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. 
(bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - libudev1-254.23-150600.4.25.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - glibc-devel-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-0c6d74fef64f7b31b2d76ef5c680996683b3d3118bcaf008a2fe22e293abe486-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:00:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:00:42 +0100 (CET) Subject: SUSE-CU-2025:1130-1: Security update of suse/stunnel Message-ID: <20250219130042.843F8FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1130-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-37.18 , suse/stunnel:latest Container Release : 37.18 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/stunnel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:suse-sle15-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated - container:registry.suse.com-bci-bci-micro-15.6-eaa908393f077c85c1de7b24d40bba2ee5936dc1b9e9f4dd0f782cae68a09bc4-0 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:00:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:00:52 +0100 (CET) Subject: SUSE-CU-2025:1132-1: Security update of suse/sles/15.7/cdi-cloner Message-ID: <20250219130052.D5AF8FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1132-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.40 , suse/sles/15.7/cdi-cloner:1.58.0.28.99 Container Release : 28.99 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - glibc-2.38-150700.21.1 updated - libuuid1-2.40.4-150700.1.4 updated - libsmartcols1-2.40.4-150700.1.4 updated - libblkid1-2.40.4-150700.1.4 updated - libopenssl3-3.2.3-150700.3.7 updated - grep-3.11-150700.1.5 updated - libmount1-2.40.4-150700.1.4 updated - libfdisk1-2.40.4-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.7 updated - permissions-20240826-150700.14.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - util-linux-2.40.4-150700.1.4 updated - curl-8.6.0-150600.4.21.1 updated - containerized-data-importer-cloner-1.58.0-150700.7.40 updated - container:sles15-image-15.7.0-3.19 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:01:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:01:01 +0100 (CET) Subject: SUSE-CU-2025:1134-1: Security update of suse/sles/15.7/cdi-importer Message-ID: <20250219130101.BB5D5FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1134-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.40 , suse/sles/15.7/cdi-importer:1.58.0.29.67 Container Release : 29.67 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The 
container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - glibc-2.38-150700.21.1 updated - libuuid1-2.40.4-150700.1.4 updated - libsmartcols1-2.40.4-150700.1.4 updated - libgpg-error0-1.50-150700.1.5 updated - libgcrypt20-1.11.0-150700.2.14 updated - libblkid1-2.40.4-150700.1.4 updated - libxml2-2-2.12.9-150700.1.3 updated - libopenssl3-3.2.3-150700.3.7 updated - grep-3.11-150700.1.5 updated - libmount1-2.40.4-150700.1.4 updated - libfdisk1-2.40.4-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.7 updated - permissions-20240826-150700.14.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - util-linux-2.40.4-150700.1.4 updated - curl-8.6.0-150600.4.21.1 updated - libnettle8-3.10.1-150700.2.6 updated - libhogweed6-3.10.1-150700.2.6 updated - qemu-img-9.2.0-150700.3.2 updated - nbdkit-server-1.40.4-150700.2.3 updated - libnbd0-1.20.3-150700.1.5 updated - nbdkit-xz-filter-1.40.4-150700.2.3 updated - nbdkit-curl-plugin-1.40.4-150700.2.3 updated - nbdkit-basic-filters-1.40.4-150700.2.3 updated - containerized-data-importer-importer-1.58.0-150700.7.40 updated - nbdkit-vddk-plugin-1.40.4-150700.2.3 updated - container:sles15-image-15.7.0-3.19 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:01:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:01:15 +0100 (CET) Subject: SUSE-CU-2025:1137-1: Security update of suse/sles/15.7/cdi-uploadserver 
Message-ID: <20250219130115.2FD92FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1137-1 Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.40 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.110 Container Release : 28.110 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - glibc-2.38-150700.21.1 updated - libuuid1-2.40.4-150700.1.4 updated - libsmartcols1-2.40.4-150700.1.4 updated - libgpg-error0-1.50-150700.1.5 updated - libgcrypt20-1.11.0-150700.2.14 updated - libblkid1-2.40.4-150700.1.4 updated - libxml2-2-2.12.9-150700.1.3 updated - libopenssl3-3.2.3-150700.3.7 updated - grep-3.11-150700.1.5 updated - libmount1-2.40.4-150700.1.4 updated - libfdisk1-2.40.4-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.7 updated - permissions-20240826-150700.14.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - util-linux-2.40.4-150700.1.4 updated - curl-8.6.0-150600.4.21.1 updated - libnettle8-3.10.1-150700.2.6 updated - libhogweed6-3.10.1-150700.2.6 updated - qemu-img-9.2.0-150700.3.2 updated - libnbd0-1.20.3-150700.1.5 updated - libnbd-1.20.3-150700.1.5 updated - 
containerized-data-importer-uploadserver-1.58.0-150700.7.40 updated - container:sles15-image-15.7.0-3.19 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:01:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:01:22 +0100 (CET) Subject: SUSE-CU-2025:1138-1: Security update of suse/sle15 Message-ID: <20250219130122.97D88FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1138-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.19 , suse/sle15:15.7 , suse/sle15:15.7-4.2.19 Container Release : 4.2.19 Severity : important Type : security References : 1229228 1233752 1234313 1234765 1236619 1236878 CVE-2024-12133 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:400-1 Released: Mon Feb 10 10:38:14 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update rebuilds container-suseconnect against go1.23-openssl. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. 
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active Directory. Whether these encryption types are allowed in FIPS mode is now enforced by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete.
(bsc#1236878) The following package changes have been done: - container-suseconnect-2.5.0-150000.4.58.1 updated - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libudev1-254.23-150600.4.25.1 updated - permissions-20240826-150700.14.1 updated - sle-module-basesystem-release-15.7-150700.20.1 updated - sle-module-python3-release-15.7-150700.20.1 updated - sle-module-server-applications-release-15.7-150700.20.1 updated - sles-release-15.7-150700.20.1 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:01:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:01:47 +0100 (CET) Subject: SUSE-CU-2025:1144-1: Security update of suse/sles/15.7/virt-handler Message-ID: <20250219130147.AFA59FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1144-1 Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.44 , suse/sles/15.7/virt-handler:1.1.1.29.113 Container Release : 29.113 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - glibc-2.38-150700.21.1 updated - libuuid1-2.40.4-150700.1.4 updated - libsmartcols1-2.40.4-150700.1.4 updated - libgpg-error0-1.50-150700.1.5 updated - findutils-4.10.0-150700.2.3 updated - libgcrypt20-1.11.0-150700.2.14 updated - libblkid1-2.40.4-150700.1.4 updated - libopenssl3-3.2.3-150700.3.7 updated - grep-3.11-150700.1.5 updated - libmount1-2.40.4-150700.1.4 updated - libfdisk1-2.40.4-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.7 updated - sles-release-15.7-150700.20.1 updated - permissions-20240826-150700.14.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - util-linux-2.40.4-150700.1.4 updated - curl-8.6.0-150600.4.21.1 updated - kbd-2.4.0-150700.13.2 updated - kubevirt-container-disk-1.1.1-150700.9.44 updated - kubevirt-virt-handler-1.1.1-150700.9.44 updated - libbpf1-1.5.0-150700.1.2 updated - libexpat1-2.6.4-150700.1.3 updated - libnettle8-3.10.1-150700.2.6 updated - libhogweed6-3.10.1-150700.2.6 updated - qemu-img-9.2.0-150700.3.2 updated - util-linux-systemd-2.40.4-150700.1.3 updated - container:sles15-image-15.7.0-3.19 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:01:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:01:53 +0100 (CET) Subject: SUSE-CU-2025:1145-1: Security update of suse/sles/15.7/virt-launcher Message-ID: <20250219130153.820ACFCE5@maintenance.suse.de> SUSE Container Update Advisory: 
suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1145-1 Container Tags : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.44 , suse/sles/15.7/virt-launcher:1.1.1.34.92 Container Release : 34.92 Severity : moderate Type : security References : 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - glibc-2.38-150700.21.1 updated - libuuid1-2.40.4-150700.1.4 updated - libsmartcols1-2.40.4-150700.1.4 updated - libgpg-error0-1.50-150700.1.5 updated - findutils-4.10.0-150700.2.3 updated - libgcrypt20-1.11.0-150700.2.14 updated - libblkid1-2.40.4-150700.1.4 updated - libxml2-2-2.12.9-150700.1.3 updated - libopenssl3-3.2.3-150700.3.7 updated - grep-3.11-150700.1.5 updated - libmount1-2.40.4-150700.1.4 updated - libfdisk1-2.40.4-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.7 updated - sles-release-15.7-150700.20.1 updated - permissions-20240826-150700.14.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - util-linux-2.40.4-150700.1.4 updated - curl-8.6.0-150600.4.21.1 updated - kbd-2.4.0-150700.13.2 updated - kubevirt-container-disk-1.1.1-150700.9.44 updated - libbpf1-1.5.0-150700.1.2 updated - libdevmapper1_03-2.03.24_1.02.198-150700.1.5 updated - libexpat1-2.6.4-150700.1.3 updated - 
libnettle8-3.10.1-150700.2.6 updated - libusdm0-24.09.0-150700.1.2 updated - qemu-accel-tcg-x86-9.2.0-150700.3.2 updated - qemu-hw-usb-host-9.2.0-150700.3.2 updated - qemu-ipxe-9.2.0-150700.3.2 updated - qemu-seabios-9.2.01.16.3_3_g3d33c746-150700.3.2 updated - qemu-vgabios-9.2.01.16.3_3_g3d33c746-150700.3.2 updated - libhogweed6-3.10.1-150700.2.6 updated - qemu-hw-usb-redirect-9.2.0-150700.3.2 updated - libqat4-24.09.0-150700.1.2 updated - xen-libs-4.20.0_06-150700.2.3 updated - qemu-img-9.2.0-150700.3.2 updated - libvirt-libs-11.0.0-150700.2.2 updated - rdma-core-54.0-150700.1.6 updated - libvirt-daemon-log-11.0.0-150700.2.2 updated - libvirt-client-11.0.0-150700.2.2 updated - kubevirt-virt-launcher-1.1.1-150700.9.44 updated - swtpm-0.9.0-150700.1.3 updated - libibverbs1-54.0-150700.1.6 updated - libmlx5-1-54.0-150700.1.6 updated - libvirt-daemon-common-11.0.0-150700.2.2 updated - libmlx4-1-54.0-150700.1.6 updated - libmana1-54.0-150700.1.6 updated - libhns1-54.0-150700.1.6 updated - libefa1-54.0-150700.1.6 updated - libibverbs-54.0-150700.1.6 updated - librdmacm1-54.0-150700.1.6 updated - qemu-x86-9.2.0-150700.3.2 updated - qemu-9.2.0-150700.3.2 updated - libvirt-daemon-driver-qemu-11.0.0-150700.2.2 updated - container:sles15-image-15.7.0-3.19 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:09:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:09:13 +0100 (CET) Subject: SUSE-CU-2025:1146-1: Security update of suse/sles/15.7/libguestfs-tools Message-ID: <20250219130913.D625DFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1146-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.44 , suse/sles/15.7/libguestfs-tools:1.1.1.28.125 Container Release : 28.125 Severity : moderate Type : security References : 1216091 1229106 1232458 1234752 1235636 1236588 1236590 CVE-2025-0167 CVE-2025-0725 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:363-1 Released: Wed Feb 5 11:01:45 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repomanager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106) - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) It is shown in the details view or by using -k,--keep-packages. In addition, libzypp can enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) An update repo may contain a prolonged GPG key for the GA repo. Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. 
- Refresh: Restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:369-1 Released: Wed Feb 5 16:32:36 2025 Summary: Security update for curl Type: security Severity: moderate References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) The following package changes have been done: - glibc-2.38-150700.21.1 updated - libuuid1-2.40.4-150700.1.4 updated - libsmartcols1-2.40.4-150700.1.4 updated - libgpg-error0-1.50-150700.1.5 updated - findutils-4.10.0-150700.2.3 updated - libgcrypt20-1.11.0-150700.2.14 updated - libblkid1-2.40.4-150700.1.4 updated - libxml2-2-2.12.9-150700.1.3 updated - libopenssl3-3.2.3-150700.3.7 updated - grep-3.11-150700.1.5 updated - libmount1-2.40.4-150700.1.4 updated - libfdisk1-2.40.4-150700.1.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.7 updated - sles-release-15.7-150700.20.1 updated - permissions-20240826-150700.14.1 updated - libcurl4-8.6.0-150600.4.21.1 updated - libzypp-17.35.19-150600.3.44.1 updated - zypper-1.14.81-150600.10.22.1 updated - util-linux-2.40.4-150700.1.4 updated - curl-8.6.0-150600.4.21.1 updated - kbd-2.4.0-150700.13.2 updated - libguestfs-winsupport-1.55.3-150700.1.3 updated - libbpf1-1.5.0-150700.1.2 updated - libdevmapper1_03-2.03.24_1.02.198-150700.1.5 updated - libexpat1-2.6.4-150700.1.3 updated - libhivex0-1.3.24-150700.1.4 updated - libnettle8-3.10.1-150700.2.6 updated - libopenssl1_1-1.1.1w-150700.9.14 updated - libusdm0-24.09.0-150700.1.2 updated - osinfo-db-20250124-150700.1.1 updated - pigz-2.8-150700.1.3 updated - qemu-accel-tcg-x86-9.2.0-150700.3.2 updated - qemu-ipxe-9.2.0-150700.3.2 updated - qemu-seabios-9.2.01.16.3_3_g3d33c746-150700.3.2 updated - qemu-vgabios-9.2.01.16.3_3_g3d33c746-150700.3.2 updated - 
libhogweed6-3.10.1-150700.2.6 updated - libqat4-24.09.0-150700.1.2 updated - bind-utils-9.20.3-150700.1.4 updated - libmpath0-0.10.2+117+suse.33411aa-150700.1.3 updated - xen-libs-4.20.0_06-150700.2.3 updated - qemu-vmsr-helper-9.2.0-150700.3.2 updated - qemu-pr-helper-9.2.0-150700.3.2 updated - qemu-img-9.2.0-150700.3.2 updated - qemu-tools-9.2.0-150700.3.2 updated - util-linux-systemd-2.40.4-150700.1.3 updated - libvirt-libs-11.0.0-150700.2.2 updated - wicked-0.6.78-150700.1.3 updated - wicked-service-0.6.78-150700.1.3 updated - supermin-5.3.5-150700.2.5 updated - rdma-core-54.0-150700.1.6 updated - libibverbs1-54.0-150700.1.6 updated - libmlx5-1-54.0-150700.1.6 updated - libosinfo-1_0-0-1.12.0-150700.1.3 updated - libosinfo-1.12.0-150700.1.3 updated - libmlx4-1-54.0-150700.1.6 updated - libmana1-54.0-150700.1.6 updated - libhns1-54.0-150700.1.6 updated - libefa1-54.0-150700.1.6 updated - libibverbs-54.0-150700.1.6 updated - librdmacm1-54.0-150700.1.6 updated - qemu-x86-9.2.0-150700.3.2 updated - qemu-9.2.0-150700.3.2 updated - libguestfs0-1.55.3-150700.1.3 updated - libguestfs-devel-1.55.3-150700.1.3 updated - libguestfs-appliance-1.55.3-150700.1.3 updated - libguestfs-1.55.3-150700.1.3 updated - container:sles15-image-15.7.0-3.19 updated From sle-container-updates at lists.suse.com Wed Feb 19 13:10:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 19 Feb 2025 14:10:06 +0100 (CET) Subject: SUSE-CU-2025:1148-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250219131006.8499BFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1148-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.27 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.50.27 Severity : important Type : 
security References : 1236282 1236705 1236878 CVE-2024-12133 CVE-2025-0395 CVE-2025-0938 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. 
(bsc#1236705) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.31-150300.92.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libpython3_6m1_0-3.6.15-150300.10.81.1 updated - python3-base-3.6.15-150300.10.81.1 updated - python3-3.6.15-150300.10.81.1 updated - container:sles15-ltss-image-15.4.0-2.24 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:23:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:23:30 +0100 (CET) Subject: SUSE-IU-2025:637-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250220162330.E74A6FCE5@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:637-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.146 , suse/sle-micro/base-5.5:latest Image Release : 5.8.146 Severity : important Type : security References : 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1234958 1236316 1236317 1237002 1237006 1237008 1237009 1237010 1237011 1237012 1237013 1237014 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-56737 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-1118 CVE-2025-1125 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was 
updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:587-1 Released: Wed Feb 19 08:29:17 2025 Summary: Security update for grub2 Type: security Severity: important References: 1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg. (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. 
(bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) The following package changes have been done: - grub2-2.06-150500.29.43.2 updated - grub2-i386-pc-2.06-150500.29.43.2 updated - grub2-x86_64-efi-2.06-150500.29.43.2 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:28:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:28:11 +0100 (CET) Subject: SUSE-CU-2025:1154-1: Security update of bci/bci-base-fips Message-ID: <20250220162811.77CB4FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1154-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.20.4 , bci/bci-base-fips:latest Container Release : 20.4 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:22:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:22:35 +0100 (CET) Subject: SUSE-CU-2025:1150-1: Security update of containers/open-webui Message-ID: <20250220162235.5855FFCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1150-1 Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.31 Container Release : 7.31 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container containers/open-webui was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:29:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:29:54 +0100 (CET) Subject: SUSE-CU-2025:1159-1: Security update of bci/bci-init Message-ID: <20250220162954.B9DA5FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1159-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.31.4 , bci/bci-init:latest Container Release : 31.4 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:31:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:31:07 +0100 (CET) Subject: SUSE-CU-2025:1162-1: Security update of bci/openjdk Message-ID: <20250220163107.0F445FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1162-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.4 , bci/openjdk:latest Container Release : 33.4 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:31:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:31:27 +0100 (CET) Subject: SUSE-CU-2025:1163-1: Security update of bci/php-apache Message-ID: <20250220163127.D5178FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1163-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.31 , bci/php-apache:latest Container Release : 48.31 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:31:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:31:43 +0100 (CET) Subject: SUSE-CU-2025:1164-1: Security update of bci/php-fpm Message-ID: <20250220163143.DF59EFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1164-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.31 , bci/php-fpm:latest Container Release : 48.31 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:31:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:31:59 +0100 (CET) Subject: SUSE-CU-2025:1165-1: Security update of bci/php Message-ID: <20250220163159.35093FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1165-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.26 , bci/php:latest Container Release : 48.26 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/php was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:32:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:32:25 +0100 (CET) Subject: SUSE-CU-2025:1166-1: Security update of bci/python Message-ID: <20250220163225.B1F88FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1166-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-61.29 Container Release : 61.29 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:32:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:32:47 +0100 (CET) Subject: SUSE-CU-2025:1167-1: Security update of bci/python Message-ID: <20250220163247.87BF5FCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1167-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-62.4 , bci/python:latest Container Release : 62.4 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:33:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:33:06 +0100 (CET) Subject: SUSE-CU-2025:1168-1: Security update of bci/python Message-ID: <20250220163306.0493BFCE5@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1168-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.30 Container Release : 60.30 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:registry.suse.com-bci-bci-base-15.6-d7868f3577af323bf37dc2ee80b096662db26086e060537739e337e537668d3b-0 updated From sle-container-updates at lists.suse.com Thu Feb 20 16:35:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 20 Feb 2025 17:35:26 +0100 (CET) Subject: SUSE-CU-2025:1174-1: Security update of suse/sle15 Message-ID: <20250220163526.1E355FCE5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1174-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.19 , suse/sle15:15.7 , suse/sle15:15.7-4.2.19 Container Release : 4.2.19 Severity : important Type : security References : 1229228 1233752 1234313 1234765 1236619 1236878 CVE-2024-12133 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:400-1 Released: Mon Feb 10 10:38:14 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update rebuilds container-suseconnect against go1.23-openssl. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:401-1 Released: Mon Feb 10 10:38:28 2025 Summary: Security update for crypto-policies, krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size, which can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active Directory. Whether these encryption types are allowed in FIPS mode is now enforced by the FIPS:AD-SUPPORT subpolicy. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:547-1 Released: Fri Feb 14 08:26:30 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1229228,1233752,1234313,1234765 This update for systemd fixes the following issues: - Fix agetty failing to open credentials directory (bsc#1229228) - stdio-bridge: fix polled fds - hwdb: comment out the entry for Logitech MX Keys for Mac - core/unit-serialize: fix serialization of markers - locale-setup: do not load locale from environment when /etc/locale.conf is unchanged - core: fix assert when AddDependencyUnitFiles is called with invalid parameter - Fix systemd-network recommending libidn2-devel (bsc#1234765) - tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: 
security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) The following package changes have been done: - container-suseconnect-2.5.0-150000.4.58.1 updated - crypto-policies-20230920.570ea89-150600.3.3.1 updated - krb5-1.20.1-150600.11.8.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libudev1-254.23-150600.4.25.1 updated From sle-container-updates at lists.suse.com Fri Feb 21 08:04:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 09:04:06 +0100 (CET) Subject: SUSE-IU-2025:641-1: Security update of suse/sle-micro/5.5 Message-ID: <20250221080406.97154FCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:641-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.246 , suse/sle-micro/5.5:latest Image Release : 5.5.246 Severity : moderate Type : security References : 1237040 CVE-2025-26465 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:605-1 Released: Thu Feb 20 15:42:48 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,CVE-2025-26465 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). 
The following package changes have been done: - openssh-common-8.4p1-150300.3.42.1 updated - openssh-server-8.4p1-150300.3.42.1 updated - openssh-clients-8.4p1-150300.3.42.1 updated - openssh-8.4p1-150300.3.42.1 updated From sle-container-updates at lists.suse.com Fri Feb 21 08:11:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 09:11:37 +0100 (CET) Subject: SUSE-CU-2025:1180-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250221081137.2B70DFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1180-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.107 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.107 Severity : important Type : security References : 1229163 1229164 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1234958 1236196 1236316 1236317 1237002 1237006 1237008 1237009 1237010 1237011 1237012 1237013 1237014 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-49504 CVE-2024-56737 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-1118 CVE-2025-1125 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:586-1 Released: Wed Feb 19 08:28:47 2025 Summary: Security update for grub2 Type: security Severity: important References: 1229163,1229164,1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-49504,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2024-49504: Fixed an issue that can bypass TPM-bound disk encryption on SL(E)M encrypted Images. (bsc#1229164) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg.
(bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. 
(bsc#1237006) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:598-1 Released: Wed Feb 19 14:07:12 2025 Summary: Recommended update for kernel-firmware Type: recommended Severity: moderate References: 1236196 This update for kernel-firmware fixes the following issues: - Version upgrade 20250122 * amdgpu: revert DMCUB 3.1.4 firmware (bsc#1236196) * firmware update for various devices: amdgpu, amlogic, mediatek MT7925, qcom, iwlwifi, rtw89, cirrus, rtl_bt - Add missing license entries The following package changes have been done: - grub2-i386-pc-2.12-150600.8.18.2 updated - grub2-x86_64-efi-2.12-150600.8.18.2 updated - grub2-2.12-150600.8.18.2 updated - kernel-firmware-bnx2-20250122-150600.3.12.3 updated - kernel-firmware-chelsio-20250122-150600.3.12.3 updated - kernel-firmware-i915-20250122-150600.3.12.3 updated - kernel-firmware-intel-20250122-150600.3.12.3 updated - kernel-firmware-liquidio-20250122-150600.3.12.3 updated - kernel-firmware-marvell-20250122-150600.3.12.3 updated - kernel-firmware-mediatek-20250122-150600.3.12.3 updated - kernel-firmware-mellanox-20250122-150600.3.12.3 updated - kernel-firmware-network-20250122-150600.3.12.3 updated - kernel-firmware-platform-20250122-150600.3.12.3 updated - kernel-firmware-qlogic-20250122-150600.3.12.3 updated - kernel-firmware-realtek-20250122-150600.3.12.3 updated - kernel-firmware-usb-network-20250122-150600.3.12.3 updated From sle-container-updates at lists.suse.com Fri Feb 21 08:12:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 09:12:08 +0100 (CET) Subject: SUSE-CU-2025:1181-1: Security update of bci/openjdk-devel Message-ID: <20250221081208.79408FCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1181-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , 
bci/openjdk-devel:21.0.6.0-33.7 , bci/openjdk-devel:latest Container Release : 33.7 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-openjdk-21-dd42cd383fb52ce21e686e2be643691dc1333348bb3b58441467ddd4d9d6e2a3-0 updated From sle-container-updates at lists.suse.com Fri Feb 21 08:12:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 09:12:27 +0100 (CET) Subject: SUSE-CU-2025:1182-1: Security update of suse/pcp Message-ID: <20250221081227.6D714FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1182-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.31 , suse/pcp:latest Container Release : 42.31 Severity : low Type : security References : 1236282 CVE-2025-0395 ----------------------------------------------------------------- The container suse/pcp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:582-1 Released: Tue Feb 18 15:55:29 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) The following package changes have been done: - glibc-2.38-150600.14.23.1 updated - container:bci-bci-init-15.6-64478a1bbcf1b18badb76c6cfa4d177d4adcb127ab5becf33d78dad382b04475-0 updated From sle-container-updates at lists.suse.com Fri Feb 21 08:14:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 09:14:13 +0100 (CET) Subject: SUSE-CU-2025:1193-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250221081413.5756CFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1193-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.14 , suse/manager/4.3/proxy-ssh:4.3.14.9.50.19 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.50.19 Severity : moderate Type : security References : 1237040 CVE-2025-26465 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:605-1 Released: Thu Feb 20 15:42:48 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,CVE-2025-26465 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). 
The following package changes have been done: - openssh-common-8.4p1-150300.3.42.1 updated - openssh-fips-8.4p1-150300.3.42.1 updated - openssh-server-8.4p1-150300.3.42.1 updated - openssh-clients-8.4p1-150300.3.42.1 updated - openssh-8.4p1-150300.3.42.1 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:40:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:40:24 +0100 (CET) Subject: SUSE-CU-2025:1196-1: Security update of suse/389-ds Message-ID: <20250221154024.CBA6CFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1196-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.2 , suse/389-ds:latest Container Release : 36.2 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:40:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:40:53 +0100 (CET) Subject: SUSE-CU-2025:1197-1: Security update of bci/dotnet-aspnet Message-ID: <20250221154053.B0D58FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1197-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.13 , bci/dotnet-aspnet:8.0.13-47.6 Container Release : 47.6 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:41:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:41:04 +0100 (CET) Subject: SUSE-CU-2025:1198-1: Security update of bci/dotnet-aspnet Message-ID: <20250221154104.5E0B0FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1198-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.2 , bci/dotnet-aspnet:9.0.2-5.6 , bci/dotnet-aspnet:latest Container Release : 5.6 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:41:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:41:28 +0100 (CET) Subject: SUSE-CU-2025:1199-1: Recommended update of suse/registry Message-ID: <20250221154128.43168FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1199-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-34.2 , suse/registry:latest Container Release : 34.2 Severity : moderate Type : recommended References : 1236858 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:42:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:42:00 +0100 (CET) Subject: SUSE-CU-2025:1200-1: Security update of bci/dotnet-sdk Message-ID: <20250221154200.6AB35FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1200-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.13 , bci/dotnet-sdk:8.0.13-51.6 Container Release : 51.6 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:42:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:42:11 +0100 (CET) Subject: SUSE-CU-2025:1201-1: Security update of bci/dotnet-sdk Message-ID: <20250221154211.86792FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1201-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.2 , bci/dotnet-sdk:9.0.2-6.6 , bci/dotnet-sdk:latest Container Release : 6.6 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:42:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:42:41 +0100 (CET) Subject: SUSE-CU-2025:1202-1: Security update of bci/dotnet-runtime Message-ID: <20250221154241.9F1C7FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1202-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.13 , bci/dotnet-runtime:8.0.13-47.6 Container Release : 47.6 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:42:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:42:54 +0100 (CET) Subject: SUSE-CU-2025:1203-1: Security update of bci/dotnet-runtime Message-ID: <20250221154254.2E880FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1203-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.2 , bci/dotnet-runtime:9.0.2-5.6 , bci/dotnet-runtime:latest Container Release : 5.6 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:43:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:43:28 +0100 (CET) Subject: SUSE-CU-2025:1204-1: Security update of bci/kiwi Message-ID: <20250221154328.23C14FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1204-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-21.14 , bci/kiwi:latest Container Release : 21.14 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:43:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:43:56 +0100 (CET) Subject: SUSE-CU-2025:1205-1: Security update of bci/python Message-ID: <20250221154356.D65F0FCE4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1205-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.31 Container Release : 60.31 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:44:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:44:17 +0100 (CET) Subject: SUSE-CU-2025:1206-1: Recommended update of suse/mariadb-client Message-ID: <20250221154417.E931EFCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1206-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-56.14 , suse/mariadb-client:latest Container Release : 56.14 Severity : moderate Type : recommended References : 1236858 ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:44:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:44:40 +0100 (CET) Subject: SUSE-CU-2025:1207-1: Security update of suse/mariadb Message-ID: <20250221154440.86172FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1207-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-62.16 , suse/mariadb:latest Container Release : 62.16 Severity : moderate Type : security References : 1236136 1236771 1236858 CVE-2024-13176 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:44:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:44:57 +0100 (CET) Subject: SUSE-CU-2025:1208-1: Security update of suse/rmt-server Message-ID: <20250221154457.35600FCE4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1208-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-36.9 , suse/rmt-server:latest Container Release : 36.9 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:45:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:45:09 +0100 (CET) Subject: SUSE-CU-2025:1209-1: Security update of containers/apache-tomcat Message-ID: <20250221154509.5A35BFCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1209-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.29 Container Release : 62.29 Severity : moderate Type : security References : 1236136 1236771 1236858 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:45:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:45:22 +0100 (CET) Subject: SUSE-CU-2025:1210-1: Security update of containers/apache-tomcat Message-ID: <20250221154522.8204FFCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1210-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.29 Container Release : 62.29 Severity : moderate Type : security References : 1236136 1236771 1236858 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:45:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:45:37 +0100 (CET) Subject: SUSE-CU-2025:1211-1: Security update of containers/apache-tomcat Message-ID: <20250221154537.925CDFCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1211-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.29 Container Release : 62.29 Severity : moderate Type : security References : 1236136 1236771 1236858 CVE-2024-13176 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:45:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:45:50 +0100 (CET) Subject: SUSE-CU-2025:1212-1: Recommended update of containers/apache-tomcat Message-ID: <20250221154550.5CA88FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1212-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.30 Container Release : 62.30 Severity : moderate Type : recommended References : 1236858 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:46:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:46:03 +0100 (CET) Subject: SUSE-CU-2025:1213-1: Recommended update of containers/apache-tomcat Message-ID: <20250221154603.0A973FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1213-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.30 Container Release : 62.30 Severity : moderate Type : recommended References : 1236858 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:46:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:46:16 +0100 (CET) Subject: SUSE-CU-2025:1214-1: Recommended update of containers/apache-tomcat Message-ID: <20250221154616.83A6AFCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1214-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.30 Container Release : 62.30 Severity : moderate Type : recommended References : 1236858 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:46:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:46:26 +0100 (CET) Subject: SUSE-CU-2025:1215-1: Recommended update of containers/apache-tomcat Message-ID: <20250221154626.E0F37FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1215-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.30 Container Release : 62.30 Severity : moderate Type : recommended References : 1236858 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated From sle-container-updates at lists.suse.com Fri Feb 21 15:46:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 16:46:37 +0100 (CET) Subject: SUSE-CU-2025:1216-1: Security update of containers/python Message-ID: <20250221154637.1A3A5FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1216-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.28 Container Release : 51.28 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Fri Feb 21 16:07:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 17:07:08 +0100 (CET) Subject: SUSE-CU-2025:1217-1: Security update of suse/postgres Message-ID: <20250221160708.E1559FD2B@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1217-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-41.9 , suse/postgres:latest Container Release : 41.9 Severity : important Type : security References : 1236858 1237093 CVE-2025-1094 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:616-1 Released: Fri Feb 21 11:42:35 2025 Summary: Security update for postgresql17 Type: security Severity: important References: 1237093,CVE-2025-1094 This update for postgresql17 fixes the following issues: Upgrade to 17.4: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libpq5-17.4-150600.13.10.1 updated - postgresql17-17.4-150600.13.10.1 updated - postgresql17-server-17.4-150600.13.10.1 updated From sle-container-updates at lists.suse.com Fri Feb 21 16:08:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 21 Feb 2025 17:08:07 +0100 (CET) Subject: SUSE-CU-2025:1216-1: Security update of containers/python Message-ID: <20250221160807.272C5FCE5@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1216-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.28 Container Release : 51.28 Severity : moderate Type : security References : 1236136 1236771 CVE-2024-13176 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). 
The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.12.2 updated From sle-container-updates at lists.suse.com Sat Feb 22 08:02:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Feb 2025 09:02:47 +0100 (CET) Subject: SUSE-CU-2025:1218-1: Recommended update of containers/milvus Message-ID: <20250222080247.42982FCE4@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1218-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.43 Container Release : 7.43 Severity : moderate Type : recommended References : 1236858 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 
The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libaws-c-common1-0.9.28-150600.1.9 updated - libfmt9-9.1.0-150600.1.9 updated - libgflags2_2-2.2.2-150600.1.9 updated - libopentracing-cpp1-1.6.0-150600.1.9 updated - libsimdjson22-v3.9.5-150600.1.9 updated - libtbb12-2021.13.0-150600.1.8 updated - libaws-checksums1-0.1.20-150600.1.10 updated - libaws-c-sdkutils1_0_0-0.1.19-150600.1.9 updated - libaws-c-compression1_0_0-0.2.18-150600.1.8 updated - libglog-4-0-0.4.0-150600.1.9 updated - libprotobuf3_21_12-21.12-150600.1.10 updated - libprotobuf25_5_0-25.5-150600.2.34 updated - librocksdb6-6.29.5-150600.2.8 updated - libthrift-0_17_0-0.17.0-150600.1.10 updated - libs2n0unstable-1.5.1-150600.1.9 updated - libaws-c-cal0unstable-0.7.4-150600.1.8 updated - libfolly0-2023.10.30.00-150600.1.8 updated - libaws-c-io0unstable-0.14.18-150600.1.8 updated - libarrow1700-17.0.0-150600.2.10 updated - libaws-c-http1_0_0-0.8.10-150600.1.9 updated - libaws-c-event-stream1-0.4.2-150600.1.8 updated - libparquet1700-17.0.0-150600.2.10 updated - libaws-c-mqtt1_0_0-0.10.6-150600.1.9 updated - libaws-c-auth1_0_0-0.7.31-150600.1.8 updated - librdkafka1-2.3.0-150600.1.7 updated - libprometheus-cpp0_13-0.13.0-150600.1.9 updated - libaws-c-s3-0unstable-0.6.6-150600.1.9 updated - lib-opentelemetry-cpp1_9_1-1.9.1-150600.1.8 updated - libaws-crt-cpp1-0.28.3-150600.1.9 updated - aws-sdk-cpp-libs-1.11.412-150600.1.8 updated - milvus-cppcpu-2.4.6-150600.1.9 updated - milvus-2.4.6-150600.1.14 updated From sle-container-updates at lists.suse.com Sat Feb 22 08:04:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Feb 2025 09:04:10 +0100 (CET) Subject: SUSE-CU-2025:1219-1: Recommended update of containers/ollama Message-ID: <20250222080410.2105AFCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container 
Advisory ID : SUSE-CU-2025:1219-1 Container Tags : containers/ollama:0.5 , containers/ollama:0.5.7 , containers/ollama:0.5.7-6.13 Container Release : 6.13 Severity : moderate Type : recommended References : 1236858 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - ollama-nvidia-0.5.7-150600.1.3 updated From sle-container-updates at lists.suse.com Sat Feb 22 08:05:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Feb 2025 09:05:14 +0100 (CET) Subject: SUSE-CU-2025:1220-1: Security update of containers/open-webui Message-ID: <20250222080514.1ACD8FCD8@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1220-1 Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.33 Container Release : 7.33 Severity : important Type : security References : 1237093 CVE-2025-1094 ----------------------------------------------------------------- The container containers/open-webui was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:616-1 Released: Fri Feb 21 11:42:35 2025 Summary: Security update for postgresql17 Type: security Severity: important References: 1237093,CVE-2025-1094 This update for postgresql17 fixes the following issues: Upgrade to 17.4: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). The following package changes have been done: - python311-rank-bm25-0.2.2-150600.1.8 updated - libgflags2_2-2.2.2-150600.1.9 updated - libpq5-17.4-150600.13.10.1 updated - libtbb12-2021.13.0-150600.1.8 updated - libthrift-0_17_0-0.17.0-150600.1.10 updated - opencv4-cascades-data-4.10.0-150600.1.14 updated - libprotobuf25_5_0-25.5-150600.2.34 updated - libglog-4-0-0.4.0-150600.1.9 updated - python311-xlrd-2.0.1-150600.1.10 updated - python311-wrapt-1.16.0-150600.1.10 updated - python311-validators-0.34.0-150600.1.10 updated - python311-uritemplate-4.1.1-150600.1.8 updated - python311-tzdata-2024.1-150600.1.9 updated - python311-typing_extensions-4.12.2-150600.1.9 updated - python311-tqdm-4.66.4-150600.1.10 updated - python311-threadpoolctl-3.5.0-150600.1.7 updated - python311-tenacity-9.0.0-150600.1.8 updated - python311-sniffio-1.3.1-150600.1.10 updated - python311-six-1.16.0-150600.1.10 updated - python311-setuptools-72.1.0-150600.1.8 updated - python311-safetensors-0.4.3-150600.1.12 updated - python311-regex-2024.5.15-150600.1.10 updated - python311-red-black-tree-mod-1.22-150600.1.10 updated - python311-rapidocr-onnxruntime-1.3.24-150600.1.8 updated - python311-pyxlsb-1.0.10-150600.1.10 updated - python311-pytube-15.0.0-150600.1.10 updated - python311-python-iso639-2024.4.27-150600.1.9 updated - python311-pypdf-4.3.1-150600.1.8 updated - python311-pymongo-4.6.3-150600.1.11 updated - python311-psycopg2-2.9.9-150600.1.14 updated - python311-protobuf-4.25.5-150600.2.34 updated - 
python311-primp-0.6.3-150600.1.11 updated - python311-pluggy-1.5.0-150600.1.10 updated - python311-peewee-3.17.6-150600.1.10 updated - python311-packaging-24.1-150600.1.8 updated - python311-overrides-7.7.0-150600.1.10 updated - python311-orjson-3.10.7-150600.1.13 updated - python311-onnxruntime-1.19.2-150600.1.8 updated - python311-olefile-0.47-150600.1.10 updated - python311-nest-asyncio-1.6.0-150600.1.9 updated - python311-monotonic-1.6-150600.1.8 updated - python311-mmh3-4.1.0-150600.1.10 updated - python311-langsmith-0.1.52-150600.1.9 updated - python311-langfuse-2.44.0-150600.1.9 updated - python311-langchain-chroma-0.1.4-150600.1.9 updated - python311-jsonpath-python-1.0.6-150600.1.10 updated - python311-jiter-0.5.0-150600.1.11 updated - python311-jdcal-1.4.1-150600.1.9 updated - python311-importlib-resources-6.1.1-150600.1.10 updated - python311-idna-3.8-150600.1.9 updated - python311-greenlet-3.1.0-150600.1.12 updated - python311-filetype-1.2.0-150600.1.8 updated - python311-emoji-2.13.2-150600.1.10 updated - python311-einops-0.8.0-150600.1.7 updated - python311-ebcdic-1.1.1-150600.1.9 updated - python311-easygui-0.98.3-150600.1.8 updated - python311-docx2txt-0.8-150600.1.10 updated - python311-django-cache-url-3.4.5-150600.1.10 updated - python311-dj-email-url-1.0.6-150600.1.8 updated - python311-distro-1.9.0-150600.1.10 updated - python311-dill-0.3.8-150600.1.11 updated - python311-defusedxml-0.7.1-150600.1.9 updated - python311-compressed_rtf-1.0.6-150600.1.9 updated - python311-colorclass-2.2.2-150600.1.9 updated - python311-click-8.1.7-150600.1.10 updated - python311-charset-normalizer-3.3.2-150600.1.10 updated - python311-certifi-2024.7.4-150600.1.23 updated - python311-cchardet-2.1.19-150600.1.20 updated - python311-bitarray-2.9.2-150600.1.10 updated - python311-bcrypt-4.2.0-150600.1.12 updated - python311-backoff-2.2.1-150600.1.9 updated - python311-appdirs-1.4.4-150600.1.8 updated - python311-annotated-types-0.7.0-150600.1.9 updated - 
python311-aiohappyeyeballs-2.3.7-150600.1.9 updated - python311-XlsxWriter-3.2.0-150600.1.9 updated - python311-PyYAML-6.0.1-150600.1.10 updated - python311-PyPika-0.48.9-150600.1.10 updated - python311-pypandoc-1.14-150600.1.8 updated - python311-importlib-metadata-7.1.0-150600.1.10 updated - python311-ftfy-6.0.3-150600.1.9 updated - python311-pydantic-core-2.23.4-150600.1.10 updated - python311-asgiref-3.8.1-150600.1.9 updated - python311-lark-1.1.9-150600.1.9 updated - python311-cffi-1.17.0-150600.1.10 updated - python311-proto-plus-1.24.0-150600.1.9 updated - python311-opentelemetry-proto-1.27.0-150600.1.8 updated - python311-Pillow-10.4.0-150600.1.10 updated - python311-typing-inspect-0.9.0-150600.1.10 updated - python311-jsonpatch-1.33-150600.1.9 updated - python311-fake-useragent-1.5.1-150600.1.8 updated - python311-yarl-1.13.1-150600.1.9 updated - python311-anyio-4.4.0-150600.1.10 updated - python311-SQLAlchemy-2.0.32-150600.1.11 updated - python311-multiprocess-0.70.16-150600.1.8 updated - python311-python-oxmsg-0.0.1-150600.1.8 updated - python311-peewee-migrate-1.13.0-150600.1.9 updated - python311-pytest-8.3.2-150600.1.10 updated - python311-redis-5.0.8-150600.1.9 updated - python311-uvicorn-0.30.6-150600.1.9 updated - python311-Werkzeug-3.0.4-150600.1.9 updated - python311-grpcio-1.65.0-150600.1.9 updated - libarrow1700-17.0.0-150600.2.10 updated - python311-mpmath-1.3.0-150600.1.10 updated - libctranslate2-4-4.4.0-150600.1.8 updated - python311-build-1.2.1-150600.1.9 updated - python311-Markdown-3.7-150600.1.10 updated - python311-opentelemetry-api-1.27.0-150600.1.8 updated - python311-pydantic-2.9.2-150600.1.8 updated - python311-cryptography-43.0.1-150600.1.14 updated - python311-opentelemetry-exporter-otlp-proto-common-1.27.0-150600.1.8 updated - python311-rich-13.7.1-150600.1.9 updated - python311-starlette-0.38.5-150600.1.8 updated - python311-httpcore-1.0.5-150600.1.8 updated - python311-aiohttp-3.10.8-150600.1.9 updated - 
python311-python-pptx-1.0.2-150600.1.7 updated - python311-et_xmlfile-1.0.1-150600.1.9 updated - python311-beautifulsoup4-4.12.3-150600.1.8 updated - python311-pytest-docker-3.1.1-150600.1.9 updated - python311-duckduckgo-search-6.2.13-150600.1.8 updated - python311-APScheduler-3.10.4-150600.1.10 updated - python311-alembic-1.13.2-150600.1.8 updated - python311-Flask-3.0.3-150600.1.8 updated - python311-googleapis-common-protos-1.63.2-150600.1.9 updated - libparquet1700-17.0.0-150600.2.10 updated - libarrow_acero1700-17.0.0-150600.2.10 updated - python311-psutil-6.0.0-150600.1.11 updated - python311-python-jose-3.3.0-150600.1.9 updated - python311-ctranslate2-4.4.0-150600.1.10 updated - python311-numpy1-1.26.4-150600.1.21 updated - python311-opentelemetry-semantic-conventions-0.48b0-150600.1.8 updated - python311-opentelemetry-instrumentation-0.48b0-150600.1.8 updated - python311-langchain-core-0.2.38-150600.1.9 updated - python311-dataclasses-json-0.6.7-150600.1.9 updated - python311-pyOpenSSL-24.2.1-150600.1.8 updated - python311-msoffcrypto-tool-4.10.2-150600.1.9 updated - python311-PyMySQL-1.1.1-150600.1.9 updated - python311-PyJWT-2.9.0-150600.1.9 updated - python311-argon2-cffi-23.1.0-150600.1.7 updated - python311-typer-slim-0.12.5-150600.1.9 updated - python311-fastapi-0.114.2-150600.1.9 updated - python311-httpx-0.27.2-150600.1.8 updated - python311-black-24.8.0-150600.1.8 updated - python311-openpyxl-3.1.5-150600.1.8 updated - python311-Flask-Cors-5.0.0-150600.1.8 updated - python311-grpcio-status-1.62.2-150600.1.10 updated - libarrow_flight1700-17.0.0-150600.2.10 updated - libarrow_dataset1700-17.0.0-150600.2.10 updated - python311-sympy-1.12.1-150600.1.9 updated - python311-scipy-1.14.1-150600.1.17 updated - python311-pandas-2.2.3-150600.1.22 updated - python311-joblib-1.4.2-150600.1.9 updated - python311-chroma-hnswlib-0.7.6-150600.2.7 updated - python311-opentelemetry-sdk-1.27.0-150600.1.8 updated - python311-langchain-text_splitters-0.2.16-150600.1.8 
updated - python311-oletools-0.60.2-150600.1.8 updated - python311-Django-5.1.1-150600.1.9 updated - python311-typer-0.12.5-150600.1.9 updated - python311-openai-1.40.8-150600.1.9 updated - python311-pyarrow-17.0.0-150600.2.22 updated - python311-FontTools-4.53.1-150600.1.10 updated - python311-scikit-learn-1.5.1-150600.1.19 updated - python311-opentelemetry-util-http-0.48b0-150600.1.7 updated - python311-opentelemetry-exporter-otlp-proto-grpc-1.27.0-150600.1.9 updated - python311-requests-2.32.3-150600.1.9 updated - python311-RTFDE-0.1.1-150600.1.8 updated - python311-dj-database-url-2.3.0-150600.1.9 updated - python311-fpdf2-2.7.9-150600.1.10 updated - libopencv410-4.10.0-150600.1.14 updated - python311-opentelemetry-instrumentation-asgi-0.48b0-150600.1.7 updated - python311-youtube-transcript-api-0.6.2-150600.1.8 updated - python311-tiktoken-0.7.0-150600.1.11 updated - python311-python-engineio-4.8.0-150600.1.9 updated - python311-posthog-3.6.0-150600.1.9 updated - python311-nltk-3.9.1-150600.1.9 updated - python311-google-auth-2.34.0-150600.1.9 updated - python311-fsspec-2024.3.1-150600.1.10 updated - python311-docker-7.1.0-150600.1.8 updated - python311-botocore-1.35.21-150600.1.10 updated - python311-extract-msg-0.49.0-150600.1.8 updated - python311-environs-11.0.0-150600.1.9 updated - libopencv_objdetect410-4.10.0-150600.1.14 updated - libopencv_imgcodecs410-4.10.0-150600.1.14 updated - python311-opentelemetry-instrumentation-fastapi-0.48b0-150600.1.8 updated - python311-unstructured-client-0.25.9-150600.1.9 updated - python311-langchain-community-0.2.12-150600.1.9 updated - python311-langchain-0.2.16-150600.1.8 updated - python311-python-socketio-5.11.4-150600.1.9 updated - python311-kubernetes-28.1.0-150600.1.8 updated - python311-google-auth-httplib2-0.2.0-150600.1.9 updated - python311-google-api-core-2.19.2-150600.1.9 updated - python311-huggingface-hub-0.23.4-150600.1.9 updated - python311-pymilvus-2.4.7-150600.1.10 updated - 
libopencv_face410-4.10.0-150600.1.14 updated - libopencv_aruco410-4.10.0-150600.1.14 updated - libopencv_ximgproc410-4.10.0-150600.1.14 updated - python311-google-api-python-client-2.143.0-150600.1.9 updated - python311-google-ai-generativelanguage-0.6.10-150600.1.9 updated - python311-tokenizers-0.20.0-150600.1.11 updated - python311-boto3-1.35.21-150600.1.9 updated - python311-av-11.0.0-150600.1.10 updated - libopencv_optflow410-4.10.0-150600.1.14 updated - libopencv_highgui410-4.10.0-150600.1.14 updated - python311-google-generativeai-0.8.2-150600.1.9 updated - python311-chromadb-0.5.9-150600.1.9 updated - python311-anthropic-0.33.1-150600.1.9 updated - python311-faster_whisper-1.0.3-150600.1.10 updated - python311-pydub-0.25.1-150600.1.9 updated - libopencv_gapi410-4.10.0-150600.1.14 updated - libopencv_videoio410-4.10.0-150600.1.14 updated - python311-opencv-4.10.0-150600.1.14 updated - python311-datasets-3.0.1-150600.1.9 updated - python311-transformers-4.44.2-150600.1.8 updated - python311-unstructured-0.15.9-150600.1.9 updated - python311-sentence-transformers-3.0.1-150600.1.9 updated - python311-colbert-ai-0.2.21-150600.1.9 updated - python311-open-webui-0.3.32-150600.1.52 updated From sle-container-updates at lists.suse.com Sat Feb 22 08:09:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Feb 2025 09:09:53 +0100 (CET) Subject: SUSE-CU-2025:1221-1: Security update of bci/bci-base-fips Message-ID: <20250222080954.0320CFCD8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1221-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.20.5 , bci/bci-base-fips:latest Container Release : 20.5 Severity : moderate Type : security References : 1236136 1236771 1236858 CVE-2024-13176 ----------------------------------------------------------------- The container 
bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:613-1 Released: Fri Feb 21 11:37:54 2025 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1236136,1236771,CVE-2024-13176 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). The following package changes have been done: - crypto-policies-20230920.570ea89-150600.3.6.5 updated - libopenssl1_1-1.1.1w-150600.5.12.2 updated - crypto-policies-scripts-20230920.570ea89-150600.3.6.5 updated From sle-container-updates at lists.suse.com Sat Feb 22 08:10:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 22 Feb 2025 09:10:20 +0100 (CET) Subject: SUSE-CU-2025:1222-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250222081020.E7531FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1222-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.108 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.108 Severity : moderate Type : recommended References : 1236858 
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated

From sle-container-updates at lists.suse.com Sat Feb 22 08:10:48 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 22 Feb 2025 09:10:48 +0100 (CET)
Subject: SUSE-CU-2025:1223-1: Security update of suse/postgres
Message-ID: <20250222081048.EB71BFCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1223-1
Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-60.10
Container Release : 60.10
Severity : important
Type : security
References : 1236858 1237093 1237093 CVE-2025-1094 CVE-2025-1094
-----------------------------------------------------------------

The container suse/postgres was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:616-1
Released: Fri Feb 21 11:42:35 2025
Summary: Security update for postgresql17
Type: security
Severity: important
References: 1237093,CVE-2025-1094

This update for postgresql17 fixes the following issues:

Upgrade to 17.4:

- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:635-1
Released: Fri Feb 21 15:13:08 2025
Summary: Security update for postgresql16
Type: security
Severity: important
References: 1237093,CVE-2025-1094

This update for postgresql16 fixes the following issues:

Upgrade to 16.8:

- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- libpq5-17.4-150600.13.10.1 updated
- postgresql16-16.8-150600.16.15.1 updated
- postgresql16-server-16.8-150600.16.15.1 updated

From sle-container-updates at lists.suse.com Sat Feb 22 08:11:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 22 Feb 2025 09:11:20 +0100 (CET)
Subject: SUSE-CU-2025:1224-1: Security update of bci/ruby
Message-ID: <20250222081120.4352AFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1224-1
Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.32 , bci/ruby:latest
Container Release : 31.32
Severity : moderate
Type : security
References : 1236136 1236771 CVE-2024-13176
-----------------------------------------------------------------

The container bci/ruby was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:613-1
Released: Fri Feb 21 11:37:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,1236771,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).

Other bugfixes:

- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).

The following package changes have been done:

- libopenssl1_1-1.1.1w-150600.5.12.2 updated

From sle-container-updates at lists.suse.com Sat Feb 22 08:11:52 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 22 Feb 2025 09:11:52 +0100 (CET)
Subject: SUSE-CU-2025:1225-1: Security update of bci/rust
Message-ID: <20250222081152.27ECDFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1225-1
Container Tags : bci/rust:1.83 , bci/rust:1.83.0 , bci/rust:1.83.0-2.2.8 , bci/rust:oldstable , bci/rust:oldstable-2.2.8
Container Release : 2.8
Severity : moderate
Type : security
References : 1236136 1236771 CVE-2024-13176
-----------------------------------------------------------------

The container bci/rust was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:613-1
Released: Fri Feb 21 11:37:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,1236771,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).

Other bugfixes:

- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).

The following package changes have been done:

- libopenssl1_1-1.1.1w-150600.5.12.2 updated

From sle-container-updates at lists.suse.com Sat Feb 22 08:12:24 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 22 Feb 2025 09:12:24 +0100 (CET)
Subject: SUSE-CU-2025:1226-1: Security update of bci/rust
Message-ID: <20250222081224.B414FFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1226-1
Container Tags : bci/rust:1.84 , bci/rust:1.84.0 , bci/rust:1.84.0-1.2.8 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.8
Container Release : 2.8
Severity : moderate
Type : security
References : 1236136 1236771 CVE-2024-13176
-----------------------------------------------------------------

The container bci/rust was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:613-1
Released: Fri Feb 21 11:37:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,1236771,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).

Other bugfixes:

- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).

The following package changes have been done:

- libopenssl1_1-1.1.1w-150600.5.12.2 updated

From sle-container-updates at lists.suse.com Sat Feb 22 08:14:02 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 22 Feb 2025 09:14:02 +0100 (CET)
Subject: SUSE-CU-2025:1227-1: Security update of bci/bci-sle15-kernel-module-devel
Message-ID: <20250222081402.CE689FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1227-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.5 , bci/bci-sle15-kernel-module-devel:latest
Container Release : 32.5
Severity : moderate
Type : security
References : 1236136 1236771 CVE-2024-13176
-----------------------------------------------------------------

The container bci/bci-sle15-kernel-module-devel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:613-1
Released: Fri Feb 21 11:37:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,1236771,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).

Other bugfixes:

- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).

The following package changes have been done:

- libopenssl1_1-1.1.1w-150600.5.12.2 updated

From sle-container-updates at lists.suse.com Sat Feb 22 08:14:37 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 22 Feb 2025 09:14:37 +0100 (CET)
Subject: SUSE-CU-2025:1228-1: Security update of bci/spack
Message-ID: <20250222081437.9D86DFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1228-1
Container Tags : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-3.4 , bci/spack:latest
Container Release : 3.4
Severity : moderate
Type : security
References : 1236136 1236771 CVE-2024-13176
-----------------------------------------------------------------

The container bci/spack was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:613-1
Released: Fri Feb 21 11:37:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1236136,1236771,CVE-2024-13176

This update for openssl-1_1 fixes the following issues:

- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136).

Other bugfixes:

- Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).

The following package changes have been done:

- libopenssl1_1-1.1.1w-150600.5.12.2 updated

From sle-container-updates at lists.suse.com Sat Feb 22 08:14:41 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 22 Feb 2025 09:14:41 +0100 (CET)
Subject: SUSE-CU-2025:1229-1: Recommended update of suse/stunnel
Message-ID: <20250222081441.72F64FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/stunnel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1229-1
Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-37.21 , suse/stunnel:latest
Container Release : 37.21
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container suse/stunnel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated

From sle-container-updates at lists.suse.com Sat Feb 22 08:14:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 22 Feb 2025 09:14:43 +0100 (CET)
Subject: SUSE-CU-2025:1230-1: Recommended update of bci/bci-base-fips
Message-ID: <20250222081443.C86BDFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1230-1
Container Tags : bci/bci-base-fips:15.7 , bci/bci-base-fips:15.7-3.38
Container Release : 3.38
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/bci-base-fips was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- crypto-policies-scripts-20230920.570ea89-150600.3.6.5 updated
- container:sles15-image-15.7.0-4.2.21 updated

From sle-container-updates at lists.suse.com Sun Feb 23 08:06:38 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 23 Feb 2025 09:06:38 +0100 (CET)
Subject: SUSE-CU-2025:1235-1: Recommended update of bci/bci-init
Message-ID: <20250223080638.4D77DFCE4@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1235-1
Container Tags : bci/bci-init:15.7 , bci/bci-init:15.7-3.39
Container Release : 3.39
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/bci-init was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- sles-release-15.7-150700.20.3 updated
- container:sles15-image-15.7.0-4.2.22 updated

From sle-container-updates at lists.suse.com Sun Feb 23 08:06:42 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 23 Feb 2025 09:06:42 +0100 (CET)
Subject: SUSE-CU-2025:1238-1: Recommended update of bci/bci-sle15-kernel-module-devel
Message-ID: <20250223080642.5853EFCE4@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1238-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.27
Container Release : 4.27
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/bci-sle15-kernel-module-devel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- sles-release-15.7-150700.20.3 updated
- container:sles15-image-15.7.0-4.2.22 updated

From sle-container-updates at lists.suse.com Sun Feb 23 08:06:44 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 23 Feb 2025 09:06:44 +0100 (CET)
Subject: SUSE-CU-2025:1239-1: Recommended update of suse/sle15
Message-ID: <20250223080644.631C6FCE4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1239-1
Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.22 , suse/sle15:15.7 , suse/sle15:15.7-4.2.22
Container Release : 4.2.22
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- sles-release-15.7-150700.20.3 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:04:27 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:04:27 +0100 (CET)
Subject: SUSE-CU-2025:1249-1: Recommended update of containers/open-webui
Message-ID: <20250225080427.1213DFCD8@maintenance.suse.de>

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1249-1
Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.34
Container Release : 7.34
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container containers/open-webui was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:05:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:05:20 +0100 (CET)
Subject: SUSE-IU-2025:648-1: Recommended update of suse/sle-micro/base-5.5
Message-ID: <20250225080520.9EBF8FCD8@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:648-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.147 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.147
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:677-1
Released: Mon Feb 24 11:59:00 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150500.6.39.1 updated
- zypper-1.14.84-150500.6.23.1 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:11:31 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:11:31 +0100 (CET)
Subject: SUSE-CU-2025:1254-1: Recommended update of suse/sle-micro/5.3/toolbox
Message-ID: <20250225081131.F0AD0FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1254-1
Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.90 , suse/sle-micro/5.3/toolbox:latest
Container Release : 6.11.90
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:678-1
Released: Mon Feb 24 11:59:54 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150400.3.113.1 updated
- zypper-1.14.84-150400.3.76.1 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:14:22 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:14:22 +0100 (CET)
Subject: SUSE-CU-2025:1256-1: Recommended update of suse/sle-micro/5.4/toolbox
Message-ID: <20250225081422.A47EBFCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1256-1
Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.90 , suse/sle-micro/5.4/toolbox:latest
Container Release : 5.19.90
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:678-1
Released: Mon Feb 24 11:59:54 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150400.3.113.1 updated
- zypper-1.14.84-150400.3.76.1 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:15:16 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:15:16 +0100 (CET)
Subject: SUSE-CU-2025:1258-1: Recommended update of suse/ltss/sle15.3/sle15
Message-ID: <20250225081516.667C3FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.3/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1258-1
Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.46 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.46 , suse/ltss/sle15.3/sle15:latest
Container Release : 2.46
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/ltss/sle15.3/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:679-1
Released: Mon Feb 24 12:00:41 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150200.147.1 updated
- zypper-1.14.84-150200.105.1 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:16:06 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:16:06 +0100 (CET)
Subject: SUSE-CU-2025:1260-1: Recommended update of suse/ltss/sle15.4/sle15
Message-ID: <20250225081606.ECE01FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.4/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1260-1
Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.25 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.25 , suse/ltss/sle15.4/sle15:latest
Container Release : 2.25
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/ltss/sle15.4/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:678-1
Released: Mon Feb 24 11:59:54 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150400.3.113.1 updated
- zypper-1.14.84-150400.3.76.1 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:18:14 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:18:14 +0100 (CET)
Subject: SUSE-CU-2025:1261-1: Recommended update of suse/ltss/sle15.5/sle15
Message-ID: <20250225081814.44199FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/ltss/sle15.5/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1261-1
Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.15 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.15 , suse/ltss/sle15.5/sle15:latest
Container Release : 4.15
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/ltss/sle15.5/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:677-1
Released: Mon Feb 24 11:59:00 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150500.6.39.1 updated
- zypper-1.14.84-150500.6.23.1 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:18:45 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:18:45 +0100 (CET)
Subject: SUSE-CU-2025:1262-1: Recommended update of suse/389-ds
Message-ID: <20250225081845.D6D55FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1262-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-36.3 , suse/389-ds:latest
Container Release : 36.3
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container suse/389-ds was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:19:11 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:19:11 +0100 (CET)
Subject: SUSE-CU-2025:1264-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20250225081911.BC74BFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1264-1
Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.13 , bci/dotnet-aspnet:8.0.13-47.7
Container Release : 47.7
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:19:21 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:19:21 +0100 (CET)
Subject: SUSE-CU-2025:1266-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20250225081921.583E2FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1266-1
Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.2 , bci/dotnet-aspnet:9.0.2-5.7 , bci/dotnet-aspnet:latest
Container Release : 5.7
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:20:07 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:20:07 +0100 (CET)
Subject: SUSE-CU-2025:1269-1: Recommended update of bci/dotnet-sdk
Message-ID: <20250225082007.60CA4FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1269-1
Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.13 , bci/dotnet-sdk:8.0.13-51.7
Container Release : 51.7
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:20:16 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:20:16 +0100 (CET)
Subject: SUSE-CU-2025:1271-1: Recommended update of bci/dotnet-sdk
Message-ID: <20250225082016.9EAFDFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1271-1
Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.2 , bci/dotnet-sdk:9.0.2-6.7 , bci/dotnet-sdk:latest
Container Release : 6.7
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:20:42 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:20:42 +0100 (CET)
Subject: SUSE-CU-2025:1273-1: Recommended update of bci/dotnet-runtime
Message-ID: <20250225082042.B2CAFFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1273-1
Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.13 , bci/dotnet-runtime:8.0.13-47.7
Container Release : 47.7
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:20:51 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:20:51 +0100 (CET)
Subject: SUSE-CU-2025:1275-1: Recommended update of bci/dotnet-runtime
Message-ID: <20250225082051.D73B7FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1275-1
Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.2 , bci/dotnet-runtime:9.0.2-5.7 , bci/dotnet-runtime:latest
Container Release : 5.7
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:21:05 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:21:05 +0100 (CET)
Subject: SUSE-CU-2025:1277-1: Recommended update of bci/gcc
Message-ID: <20250225082105.1C590FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/gcc
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1277-1
Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.29 , bci/gcc:latest
Container Release : 8.29
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/gcc was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:21:27 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:21:27 +0100 (CET)
Subject: SUSE-CU-2025:1279-1: Recommended update of suse/git
Message-ID: <20250225082127.98910FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/git
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1279-1
Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-36.21 , suse/git:latest
Container Release : 36.21
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container suse/git was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:21:46 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:21:46 +0100 (CET)
Subject: SUSE-CU-2025:1280-1: Recommended update of bci/golang
Message-ID: <20250225082146.297C5FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1280-1
Container Tags : bci/golang:1.23 , bci/golang:1.23.6 , bci/golang:1.23.6-2.34.10 , bci/golang:oldstable , bci/golang:oldstable-2.34.10
Container Release : 34.10
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:22:07 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:22:07 +0100 (CET)
Subject: SUSE-CU-2025:1282-1: Recommended update of bci/golang
Message-ID: <20250225082207.4A7DBFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1282-1
Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.31 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.31
Container Release : 55.31
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:22:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:22:28 +0100 (CET)
Subject: SUSE-CU-2025:1284-1: Recommended update of bci/golang
Message-ID: <20250225082228.C60E9FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1284-1
Container Tags : bci/golang:1.24 , bci/golang:1.24.0 , bci/golang:1.24.0-1.34.10 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.10
Container Release : 34.10
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:22:54 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:22:54 +0100 (CET)
Subject: SUSE-CU-2025:1286-1: Recommended update of bci/golang
Message-ID: <20250225082254.8FD54FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1286-1
Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.31 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.31
Container Release : 55.31
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-8b5985e86ca2526802bdfdf2ee16c8ac2f13373b4d2f81f40d74341d4c0d855c-0 updated

From sle-container-updates at lists.suse.com Tue Feb 25 08:23:08 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 25 Feb 2025 09:23:08 +0100 (CET)
Subject: SUSE-CU-2025:1287-1: Security update of suse/helm
Message-ID: <20250225082308.B5790FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/helm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1287-1
Container Tags : suse/helm:3 , suse/helm:3.17 , suse/helm:3.17.1 , suse/helm:3.17.1-36.2 , suse/helm:latest
Container Release : 36.2
Severity : important
Type : security
References : 1234482 1235318 1236858 CVE-2024-45337 CVE-2024-45338
-----------------------------------------------------------------

The container suse/helm was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:602-1
Released: Thu Feb 20 10:15:21 2025
Summary: Security update for helm
Type: security
Severity: important
References: 1234482,1235318,CVE-2024-45337,CVE-2024-45338

This update for helm fixes the following issues:

Update to version 3.17.1:

- CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1235318).
- CVE-2024-45337: Fixed misuse of ServerConfig.PublicKeyCallback to prevent authorization bypass in golang.org/x/crypto (bsc#1234482).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- helm-3.17.1-150000.1.41.1 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:08:01 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:08:01 +0100 (CET)
Subject: SUSE-CU-2025:1287-1: Security update of suse/helm
Message-ID: <20250226080801.22748FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/helm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1287-1
Container Tags : suse/helm:3 , suse/helm:3.17 , suse/helm:3.17.1 , suse/helm:3.17.1-36.2 , suse/helm:latest
Container Release : 36.2
Severity : important
Type : security
References : 1234482 1235318 1236858 CVE-2024-45337 CVE-2024-45338
-----------------------------------------------------------------

The container suse/helm was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:602-1
Released: Thu Feb 20 10:15:21 2025
Summary: Security update for helm
Type: security
Severity: important
References: 1234482,1235318,CVE-2024-45337,CVE-2024-45338

This update for helm fixes the following issues:

Update to version 3.17.1:

- CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1235318).
- CVE-2024-45337: Fixed misuse of ServerConfig.PublicKeyCallback to prevent authorization bypass in golang.org/x/crypto (bsc#1234482).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- helm-3.17.1-150000.1.41.1 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:08:21 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:08:21 +0100 (CET)
Subject: SUSE-CU-2025:1294-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20250226080821.7D57DFCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1294-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.109 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.109
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:680-1
Released: Mon Feb 24 12:01:16 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150600.3.47.2 updated
- zypper-1.14.84-150600.10.25.2 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:08:42 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:08:42 +0100 (CET)
Subject: SUSE-CU-2025:1296-1: Recommended update of bci/bci-init
Message-ID: <20250226080842.DD687FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1296-1
Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.31.6 , bci/bci-init:latest
Container Release : 31.6
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/bci-init was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:09:09 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:09:09 +0100 (CET)
Subject: SUSE-CU-2025:1298-1: Recommended update of bci/kiwi
Message-ID: <20250226080909.C23B6FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1298-1
Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-21.16 , bci/kiwi:latest
Container Release : 21.16
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/kiwi was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:09:10 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:09:10 +0100 (CET)
Subject: SUSE-CU-2025:1299-1: Recommended update of bci/kiwi
Message-ID: <20250226080910.6FC29FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1299-1
Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-21.17 , bci/kiwi:latest
Container Release : 21.17
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container bci/kiwi was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:680-1
Released: Mon Feb 24 12:01:16 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150600.3.47.2 updated
- zypper-1.14.84-150600.10.25.2 updated
- container:registry.suse.com-bci-bci-base-15.6-8b5985e86ca2526802bdfdf2ee16c8ac2f13373b4d2f81f40d74341d4c0d855c-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:09:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:09:28 +0100 (CET)
Subject: SUSE-CU-2025:1300-1: Recommended update of suse/nginx
Message-ID: <20250226080928.C0BC0FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1300-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.30 , suse/nginx:latest
Container Release : 51.30
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container suse/nginx was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:09:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:09:50 +0100 (CET)
Subject: SUSE-CU-2025:1302-1: Recommended update of bci/nodejs
Message-ID: <20250226080950.D104EFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1302-1
Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.34 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.34 , bci/nodejs:latest
Container Release : 48.34
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:09:54 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:09:54 +0100 (CET)
Subject: SUSE-CU-2025:1304-1: Recommended update of bci/nodejs
Message-ID: <20250226080954.D19D9FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1304-1
Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.22 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.22
Container Release : 31.22
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/nodejs was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:09:58 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:09:58 +0100 (CET)
Subject: SUSE-CU-2025:1308-1: Recommended update of bci/openjdk
Message-ID: <20250226080958.2E2B8FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1308-1
Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-3.6
Container Release : 3.6
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/openjdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).


The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:09:56 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:09:56 +0100 (CET)
Subject: SUSE-CU-2025:1306-1: Recommended update of bci/openjdk-devel
Message-ID: <20250226080956.5B7B7FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1306-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-3.8
Container Release : 3.8
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:bci-openjdk-17-8d3980d552e32a5f78283ec6ea51c3a85e05a9be56c0d8faf03928bfc4d20a67-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:10:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:10:28 +0100 (CET)
Subject: SUSE-CU-2025:1310-1: Recommended update of bci/openjdk-devel
Message-ID: <20250226081028.D47E5FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1310-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-33.10 , bci/openjdk-devel:latest
Container Release : 33.10
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:bci-openjdk-21-27c6aa8b0214c093e8a1f37f79b8551473f3ed2b59de78dbd21ae605c05981ca-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:10:55 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:10:55 +0100 (CET)
Subject: SUSE-CU-2025:1312-1: Recommended update of bci/openjdk
Message-ID: <20250226081055.A7883FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1312-1
Container Tags : bci/openjdk:21 , bci/openjdk:21.0.6.0 , bci/openjdk:21.0.6.0-33.6 , bci/openjdk:latest
Container Release : 33.6
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:11:15 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:11:15 +0100 (CET)
Subject: SUSE-CU-2025:1314-1: Recommended update of suse/pcp
Message-ID: <20250226081115.AE367FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1314-1
Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.33 , suse/pcp:latest
Container Release : 42.33
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:bci-bci-init-15.6-d93d4472bfdc274c6ecc1362813f5b2e7782437c9fe0be36b332f149682504ed-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:11:38 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:11:38 +0100 (CET)
Subject: SUSE-CU-2025:1316-1: Recommended update of bci/php-apache
Message-ID: <20250226081138.4E3A0FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1316-1
Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.33 , bci/php-apache:latest
Container Release : 48.33
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/php-apache was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:11:58 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:11:58 +0100 (CET)
Subject: SUSE-CU-2025:1318-1: Recommended update of bci/php-fpm
Message-ID: <20250226081158.C2963FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1318-1
Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.33 , bci/php-fpm:latest
Container Release : 48.33
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/php-fpm was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:12:17 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:12:17 +0100 (CET)
Subject: SUSE-CU-2025:1320-1: Recommended update of bci/php
Message-ID: <20250226081217.DCCF0FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1320-1
Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.28 , bci/php:latest
Container Release : 48.28
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/php was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:12:48 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:12:48 +0100 (CET)
Subject: SUSE-CU-2025:1322-1: Recommended update of bci/python
Message-ID: <20250226081248.EC82EFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1322-1
Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-61.31
Container Release : 61.31
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:13:15 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:13:15 +0100 (CET)
Subject: SUSE-CU-2025:1324-1: Recommended update of bci/python
Message-ID: <20250226081315.7EF72FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1324-1
Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-62.6 , bci/python:latest
Container Release : 62.6
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:13:39 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:13:39 +0100 (CET)
Subject: SUSE-CU-2025:1326-1: Recommended update of bci/python
Message-ID: <20250226081339.43053FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1326-1
Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.32
Container Release : 60.32
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:13:52 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 09:13:52 +0100 (CET)
Subject: SUSE-CU-2025:1328-1: Recommended update of suse/rmt-server
Message-ID: <20250226081352.A7894FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1328-1
Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-36.10 , suse/rmt-server:latest
Container Release : 36.10
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container suse/rmt-server was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:05:12 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:05:12 +0100 (CET)
Subject: SUSE-IU-2025:657-1: Security update of suse/sle-micro/5.5
Message-ID: <20250227080512.2A26AFCD8@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:657-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.249 , suse/sle-micro/5.5:latest
Image Release : 5.5.249
Severity : moderate
Type : security
References : 1229685 1229822 1230078 1235695 1236151 1237137 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:723-1
Released: Wed Feb 26 14:29:39 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014

This update for vim fixes the following issues:

Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).

The following package changes have been done:
- vim-data-common-9.1.1101-150500.20.21.1 updated
- vim-small-9.1.1101-150500.20.21.1 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:06:11 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:06:11 +0100 (CET)
Subject: SUSE-CU-2025:1338-1: Recommended update of rancher/elemental-operator
Message-ID: <20250227080611.D276CFCD8@maintenance.suse.de>

SUSE Container Update Advisory: rancher/elemental-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1338-1
Container Tags : rancher/elemental-operator:1.6.6 , rancher/elemental-operator:1.6.6-5.1 , rancher/elemental-operator:latest
Container Release : 5.1
Severity : moderate
Type : recommended
References : 1230904 1231833 1232211
-----------------------------------------------------------------

The container rancher/elemental-operator was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 16
Released: Mon Feb 3 09:50:28 2025
Summary: Recommended update for elemental-system-agent, elemental, systemd-presets-branding-Elemental, elemental-toolkit, elemental-agent, elemental-operator
Type: recommended
Severity: moderate
References:

This update for elemental-system-agent, elemental, systemd-presets-branding-Elemental, elemental-toolkit, elemental-agent, elemental-operator fixes the following issues:

elemental:
- Update to version v2.1.2
  * Fix grub2-x86_64-efi installation
  * Removing syslinux from base image
  * Workaround to remove any pre-existing Elemental initrd

elemental-agent:
- Update to version 0.5.0+git20240729.4482c01:
  * Fix rke2 cluster class (#80)
  * Fix rootfs layout (#76)
  * Exclude cloud-config-defaults feature (#75)
  * Use toolkit nightly builds (#74)
  * Align images to Elemental dev (#73)
  * Only use essential elemental services (#71)
  * Actualyze elemental init arguments and improve iso build setup (#70)
  * Fix missing mtools dependency (#68)
  * Unify root password
  * Prevent associating multiple ElementalHosts (#65)
  * Remove CodeQL github action workaround (#66)
  * upgrade elemental-toolkit to 2.1.0 version (#61)
  * tests: align Ginkgo version in the Makefile (#63)
  * Dockerfiles: ensure /usr/libexec is present on the image FS (#64)
  * minor/setup_kind_cluster.sh: print the command to write the my-config.yaml (#62)
  * Fix RKE2 ClusterClass and RKE2 default registration method (#60)
  * Remove unused Codecov config (#59)
  * Actualize RKE2 templates (#58)
  * Remove CodeCov action (#57)
  * Update codeql action (#56)
  * Display host phases (#51)
  * Bump CAPI version (#54)
  * Print test agent config by default (#55)
  * Deprecate release-action (#53)
  * Display association status (#49)
  * Add registration ready condition (#50)
  * Prevent kubelet and containerd from running in Recovery (#43)
  * Mitigate time sync issues on JWT validation (#41)
  * Improve kubeadm image (#39)
- Update to version 0.5.0+git20240319.13ad570:
  * Update dependencies and fix CodeQL failure (#36)
  * Update to go 1.22 (#32)
  * Update k3s provider urls (#34)
  * Remove tumbleweed dracut patches (#33)
  * Refer to CONTROL_PLANE_ENDPOINT_HOST
  * Update metadata.yaml
  * Update quickstart (#30)
  * Remove uninitialized taint from nodes (#29)
  * Set providerid on nodes (#22)
  * Bump yip to v1.4.10
- Initial version 0.5.0

elemental-operator:
- Update to version 1.6.4:
  * register: always register when called (#816)
- Update to version 1.6.3:
  * Backport to v1.6.x (#796)
  * Enable PR workflow for v1.6 maintenance branch
  * Add toggle to automatically delete no longer in sync versions (#780) (#783)
  * [v1.6.x] Add managedosversion finalizer (#775 & #784) (#782)
  * Ensure re-sync is triggered
  * [v1.6.x][BACKPORT] operator: fix ManagedOSVersionChannel sync (#771)
  * Use YAML content for Elemental Agent config (#765) (#770)
  * Allow yip configs (#751) (#762)
  * Update deployment.yaml (#757) (#761)
  * Flag no longer in sync ManagedOSVersions (#750) (#752)
  * Let elemental-register digest system hardware data (#748) (#749)
  * register: don't send new Disks and Controllers data (#741)
  * Added the ability to create a node reset marker for unmanaged hosts (#731) (#737)
- Update to version 1.6.2:
  * chart: add chart name and version to the operator deployment (#694)
  * Add Metadata CRD (#717)

elemental-system-agent:
- Update to version 0.3.7:
  * Add support for CATTLE_AGENT_VAR_DIR in suc plan
  * add the step for creating GH release, and fix typo in filename
  * Migrate from Drone to GitHub Action
  * Version bump for Alpine and Kubectl
  * Add support for CATTLE_AGENT_STRICT_VERIFY|STRICT_VERIFY environment variables to ensure kubeconfig CA data is valid (#171)

elemental-toolkit:
- Update to version 2.1.1:
  * [backport] Disable boot entry if efivars is read-only (#2059) (#2145)
  * [backport] CI refactor to v2.1.x branch (#2146)
  * Remove pre-existing Elemental initrds

systemd-presets-branding-Elemental:
- Include elemental-register.timer as service enabled by default

-----------------------------------------------------------------
Advisory ID: 68
Released: Mon Feb 3 09:59:25 2025
Summary: Recommended update for elemental-operator, elemental
Type: recommended
Severity: moderate
References: 1230904

This update for elemental-operator, elemental contains the following fixes:

elemental:
- Include net.ifnames=0 kernel parameter. (bsc#1230904)

elemental-operator:
- Update to version 1.6.5:
  * Add SeedImage.status.checksumURL.

-----------------------------------------------------------------
Advisory ID: 119
Released: Mon Feb 3 10:05:40 2025
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1231833

This update for gcc13 fixes the following issues:
- Fix for parsing tzdata 2024b [gcc#116657]

-----------------------------------------------------------------
Advisory ID: 124
Released: Mon Feb 3 10:11:47 2025
Summary: Recommended update for elemental-operator
Type: recommended
Severity: moderate
References: 1232211

This update for elemental-operator contains the following fixes:
- Update to version 1.6.6:
  * Do not include Config to MachineRegistration as pointer. (bsc#1232211)
  * Align values.yaml and questions.yaml.

The following package changes have been done:
- elemental-operator-1.6.6-1.1 added
- libgcc_s1-13.3.0+git8781-2.1 updated
- libstdc++6-13.3.0+git8781-2.1 updated
- container:suse-toolbox-image-1.0.0-7.1 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:06:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:06:20 +0100 (CET)
Subject: SUSE-CU-2025:1339-1: Security update of rancher/seedimage-builder
Message-ID: <20250227080620.65478FCD8@maintenance.suse.de>

SUSE Container Update Advisory: rancher/seedimage-builder
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1339-1
Container Tags : rancher/seedimage-builder:1.6.6 , rancher/seedimage-builder:1.6.6-5.1 , rancher/seedimage-builder:latest
Container Release : 5.1
Severity : critical
Type : security
References : 1194818 1218609 1220117 1220262 1221831 1223605 1225598 1230698 1230904 1231833 1232211 1232528 1232579 1233078 1234068 1234100 1234101 1234102 1234103 1234104 1234812 1234996 1235088 1235475 CVE-2023-50782 CVE-2024-10963 CVE-2024-11053 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 CVE-2024-28085 CVE-2024-40896 CVE-2024-41996 CVE-2024-50602 CVE-2024-9681
-----------------------------------------------------------------

The container rancher/seedimage-builder was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 117
Released: Mon Feb 3 09:46:07 2025
Summary: Security update for util-linux
Type: security
Severity: important
References: 1218609,1220117,1221831,1223605,1225598,CVE-2024-28085

This update for util-linux fixes the following issues:

Security issue fixed:
- CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831)

Non-security issues fixed:
- Fix hang of lscpu -e (bsc#1225598)
- lscpu: Add more ARM cores (bsc#1223605)
- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609)
- Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117)

-----------------------------------------------------------------
Advisory ID: 16
Released: Mon Feb 3 09:50:28 2025
Summary: Recommended update for elemental-system-agent, elemental, systemd-presets-branding-Elemental, elemental-toolkit, elemental-agent, elemental-operator
Type: recommended
Severity: moderate
References:

This update for elemental-system-agent, elemental, systemd-presets-branding-Elemental, elemental-toolkit, elemental-agent, elemental-operator fixes the following issues:

elemental:
- Update to version v2.1.2
  * Fix grub2-x86_64-efi installation
  * Removing syslinux from base image
  * Workaround to remove any pre-existing Elemental initrd

elemental-agent:
- Update to version 0.5.0+git20240729.4482c01:
  * Fix rke2 cluster class (#80)
  * Fix rootfs layout (#76)
  * Exclude cloud-config-defaults feature (#75)
  * Use toolkit nightly builds (#74)
  * Align images to Elemental dev (#73)
  * Only use essential elemental services (#71)
  * Actualyze elemental init arguments and improve iso build setup (#70)
  * Fix missing mtools dependency (#68)
  * Unify root password
  * Prevent associating multiple ElementalHosts (#65)
  * Remove CodeQL github action workaround (#66)
  * upgrade elemental-toolkit to 2.1.0 version (#61)
  * tests: align Ginkgo version in the Makefile (#63)
  * Dockerfiles: ensure /usr/libexec is present on the image FS (#64)
  * minor/setup_kind_cluster.sh: print the command to write the my-config.yaml (#62)
  * Fix RKE2 ClusterClass and RKE2 default registration method (#60)
  * Remove unused Codecov config (#59)
  * Actualize RKE2 templates (#58)
  * Remove CodeCov action (#57)
  * Update codeql action (#56)
  * Display host phases (#51)
  * Bump CAPI version (#54)
  * Print test agent config by default (#55)
  * Deprecate release-action (#53)
  * Display association status (#49)
  * Add registration ready condition (#50)
  * Prevent kubelet and containerd from running in Recovery (#43)
  * Mitigate time sync issues on JWT validation (#41)
  * Improve kubeadm image (#39)
- Update to version 0.5.0+git20240319.13ad570:
  * Update dependencies and fix CodeQL failure (#36)
  * Update to go 1.22 (#32)
  * Update k3s provider urls (#34)
  * Remove tumbleweed dracut patches (#33)
  * Refer to CONTROL_PLANE_ENDPOINT_HOST
  * Update metadata.yaml
  * Update quickstart (#30)
  * Remove uninitialized taint from nodes (#29)
  * Set providerid on nodes (#22)
  * Bump yip to v1.4.10
- Initial version 0.5.0

elemental-operator:
- Update to version 1.6.4:
  * register: always register when called (#816)
- Update to version 1.6.3:
  * Backport to v1.6.x (#796)
  * Enable PR workflow for v1.6 maintenance branch
  * Add toggle to automatically delete no longer in sync versions (#780) (#783)
  * [v1.6.x] Add managedosversion finalizer (#775 & #784) (#782)
  * Ensure re-sync is triggered
  * [v1.6.x][BACKPORT] operator: fix ManagedOSVersionChannel sync (#771)
  * Use YAML content for Elemental Agent config (#765) (#770)
  * Allow yip configs (#751) (#762)
  * Update deployment.yaml (#757) (#761)
  * Flag no longer in sync ManagedOSVersions (#750) (#752)
  * Let elemental-register digest system hardware data (#748) (#749)
  * register: don't send new Disks and Controllers data (#741)
  * Added the ability to create a node reset marker for unmanaged hosts (#731) (#737)
- Update to version 1.6.2:
  * chart: add chart name and version to the operator deployment (#694)
  * Add Metadata CRD (#717)

elemental-system-agent:
- Update to version 0.3.7:
  * Add support for CATTLE_AGENT_VAR_DIR in suc plan
  * add the step for creating GH release, and fix typo in filename
  * Migrate from Drone to GitHub Action
  * Version bump for Alpine and Kubectl
  * Add support for CATTLE_AGENT_STRICT_VERIFY|STRICT_VERIFY environment variables to ensure kubeconfig CA data is valid (#171)

elemental-toolkit:
- Update to version 2.1.1:
  * [backport] Disable boot entry if efivars is read-only (#2059) (#2145)
  * [backport] CI refactor to v2.1.x branch (#2146)
  * Remove pre-existing Elemental initrds

systemd-presets-branding-Elemental:
- Include elemental-register.timer as service enabled by default

-----------------------------------------------------------------
Advisory ID: 68
Released: Mon Feb 3 09:59:25 2025
Summary: Recommended update for elemental-operator, elemental
Type: recommended
Severity: moderate
References: 1230904

This update for elemental-operator, elemental contains the following fixes:

elemental:
- Include net.ifnames=0 kernel parameter. (bsc#1230904)

elemental-operator:
- Update to version 1.6.5:
  * Add SeedImage.status.checksumURL.

-----------------------------------------------------------------
Advisory ID: 119
Released: Mon Feb 3 10:05:40 2025
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1231833

This update for gcc13 fixes the following issues:
- Fix for parsing tzdata 2024b [gcc#116657]

-----------------------------------------------------------------
Advisory ID: 94
Released: Mon Feb 3 10:05:41 2025
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818

This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818)

-----------------------------------------------------------------
Advisory ID: 201
Released: Mon Feb 3 10:06:00 2025
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1220262,1230698,CVE-2023-50782,CVE-2024-41996

This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Fixed a denial of service in the Diffie-Hellman Key Agreement Protocol (bsc#1230698).
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: 138
Released: Mon Feb 3 10:07:41 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681

This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: 120
Released: Mon Feb 3 10:09:12 2025
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602

This update for expat fixes the following issues:
- CVE-2024-50602: Fixed possible denial-of-service vulnerability inside XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: 124
Released: Mon Feb 3 10:11:47 2025
Summary: Recommended update for elemental-operator
Type: recommended
Severity: moderate
References: 1232211

This update for elemental-operator contains the following fixes:
- Update to version 1.6.6:
  * Do not include Config to MachineRegistration as pointer. (bsc#1232211)
  * Align values.yaml and questions.yaml.

-----------------------------------------------------------------
Advisory ID: 164
Released: Mon Feb 3 10:17:47 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1233078,CVE-2024-10963

This update for pam fixes the following issues:
- CVE-2024-10963: Fixed improper hostname interpretation in pam_access that could lead to access control bypass (bsc#1233078).
----------------------------------------------------------------- Advisory ID: 166 Released: Mon Feb 3 10:18:10 2025 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: 188 Released: Mon Feb 3 10:21:01 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1234812,CVE-2024-40896 This update for libxml2 fixes the following issues: - CVE-2024-40896: Fixed XML external entity vulnerability (bsc#1234812) ----------------------------------------------------------------- Advisory ID: 190 Released: Mon Feb 3 10:24:20 2025 Summary: Recommended update for iptables Type: recommended Severity: moderate References: 1234996,1235088 This update for iptables fixes the following issues: * Fixes checking existence of rules. Fixes issues with rule creation with podman/netavark. (bsc#1235088, bsc#1234996) ----------------------------------------------------------------- Advisory ID: 203 Released: Tue Feb 4 09:59:54 2025 Summary: Security update for rsync Type: security Severity: critical References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100). - CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101). - CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102). - CVE-2024-12087: Fixed server use of symbolic links to make client write files outside of destination directory (bsc#1234103). - CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104). 
- CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475). The following package changes have been done: - btrfsprogs-udev-rules-6.1.3-6.19 added - elemental-httpfy-1.6.6-1.1 added - elemental-seedimage-hooks-1.6.6-1.1 added - libxxhash0-0.8.1-2.194 added - libuuid1-2.39.3-3.1 updated - liburcu8-0.14.0-2.8 added - libtextstyle0-0.21.1-5.1 added - libsmartcols1-2.39.3-3.1 updated - libparted-fs-resize0-3.5-2.11 added - liblzo2-2-2.10-3.1 added - libjson-c5-0.16-3.1 added - libip4tc2-1.8.9-4.1 updated - libgcc_s1-13.3.0+git8781-2.1 updated - libfuse2-2.9.9-3.1 added - libexpat1-2.5.0-4.1 updated - libburn4-1.5.4-1.9 added - libbtrfsutil1-6.1.3-6.19 added - libbtrfs0-6.1.3-6.19 added - libblkid1-2.39.3-3.1 updated - libargon2-1-20190702-3.1 added - libaio1-0.3.113-3.1 added - dosfstools-4.2-2.9 added - libpng16-16-1.6.43-1.1 added - libxml2-2-2.11.6-4.1 updated - squashfs-4.6.1-3.7 added - libstdc++6-13.3.0+git8781-2.1 updated - libext2fs2-1.47.0-2.3 added - libjte2-1.22-1.8 added - libfdisk1-2.39.3-3.1 updated - libmount1-2.39.3-3.1 updated - libinih0-56-3.1 added - libisofs6-1.5.4-1.9 added - libfreetype6-2.13.2-1.6 added - libedit0-20210910.3.1-9.169 added - gptfdisk-1.0.9-3.5 added - libisoburn1-1.5.4-1.9 added - libdevmapper1_03-2.03.22_1.02.196-1.8 added - gzip-1.13-1.50 added - gettext-runtime-0.21.1-5.1 added - ALP-dummy-release-0.1-8.67 added - libparted2-3.5-2.11 added - libdevmapper-event1_03-2.03.22_1.02.196-1.8 added - info-7.0.3-4.1 added - xfsprogs-6.5.0-1.9 added - thin-provisioning-tools-0.9.0-2.10 added - systemd-rpm-macros-24-1.205 added - e2fsprogs-1.47.0-2.3 added - btrfsprogs-6.1.3-6.19 added - parted-3.5-2.11 added - liblvm2cmd2_03-2.03.22-1.8 added - xorriso-1.5.4-1.9 added - device-mapper-2.03.22_1.02.196-1.8 added - mtools-4.0.43-4.9 added - libopenssl3-3.1.4-7.1 updated - pam-1.6.0-4.1 updated - grub2-2.12~rc1-5.30 added - grub2-i386-pc-2.12~rc1-5.30 added - suse-module-tools-16.0.43-1.1 added - kmod-30-10.56 
added - rsync-3.2.7-4.1 added - libcryptsetup12-2.6.1-4.13 added - util-linux-2.39.3-3.1 updated - libsnapper7-0.10.5-2.10 added - libcurl4-8.6.0-5.1 updated - curl-8.6.0-5.1 updated - system-group-kvm-20170617-2.197 added - system-group-hardware-20170617-2.197 added - udev-254.18-1.1 added - snapper-0.10.5-2.10 added - lvm2-2.03.22-1.8 added - elemental-toolkit-2.1.1-1.1 added - container:suse-toolbox-image-1.0.0-7.1 updated From sle-container-updates at lists.suse.com Thu Feb 27 08:10:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Feb 2025 09:10:02 +0100 (CET) Subject: SUSE-CU-2025:1342-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250227081002.81277FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1342-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.92 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.92 Severity : moderate Type : security References : 1229685 1229822 1230078 1235695 1236151 1237137 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:724-1 Released: Wed Feb 26 14:30:20 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). 
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). The following package changes have been done: - vim-data-common-9.1.1101-150000.5.69.1 updated - vim-9.1.1101-150000.5.69.1 updated - xxd-9.1.1101-150000.5.69.1 updated From sle-container-updates at lists.suse.com Thu Feb 27 08:12:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Feb 2025 09:12:50 +0100 (CET) Subject: SUSE-CU-2025:1345-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250227081250.58CD9FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1345-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.92 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.92 Severity : moderate Type : security References : 1229685 1229822 1230078 1235695 1236151 1237137 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:724-1 Released: Wed Feb 26 14:30:20 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). 
The following package changes have been done: - vim-data-common-9.1.1101-150000.5.69.1 updated - vim-9.1.1101-150000.5.69.1 updated - xxd-9.1.1101-150000.5.69.1 updated From sle-container-updates at lists.suse.com Thu Feb 27 08:13:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Feb 2025 09:13:46 +0100 (CET) Subject: SUSE-CU-2025:1346-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250227081346.61ED1FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1346-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.5.141 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.141 Severity : moderate Type : security References : 1229685 1229822 1230078 1235695 1236151 1237137 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). 
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). The following package changes have been done: - vim-data-common-9.1.1101-150500.20.21.1 updated - vim-9.1.1101-150500.20.21.1 updated From sle-container-updates at lists.suse.com Thu Feb 27 08:13:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Feb 2025 09:13:55 +0100 (CET) Subject: SUSE-IU-2025:658-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250227081355.EC8BBFCD8@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:658-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.5 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.5 Severity : important Type : security References : 1219458 1219563 1222319 1224123 1225600 1225601 1227456 1229010 1229069 1229072 1229272 1229449 1230007 1230596 1234027 1236826 1237040 1237041 CVE-2023-31315 CVE-2023-38417 CVE-2023-47210 CVE-2024-28180 CVE-2024-3727 CVE-2025-26465 CVE-2025-26466 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 21 Released: Wed Feb 26 14:46:04 2025 Summary: Security update for openssh Type: security Severity: important References: 1219563,1224123,1227456,1229010,1229072,1229449,1236826,1237040,1237041,CVE-2024-28180,CVE-2024-3727,CVE-2025-26465,CVE-2025-26466 This update for openssh fixes the following issues: Security issues fixed: - CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040) - CVE-2025-26466: Fixed a DoS attack against OpenSSH's client and server (bsc#1237041) Other issues fixed: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). - Add a patch to fix a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449) - Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010). 
- Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call - Add a patch that fixes a small memory leak when parsing the subsystem configuration option: - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) ----------------------------------------------------------------- Advisory ID: 20 Released: Wed Feb 26 14:57:21 2025 Summary: Security update for kernel-firmware Type: security Severity: important References: 1219458,1222319,1225600,1225601,1229069,1229272,1230007,1230596,1234027,CVE-2023-31315,CVE-2023-38417,CVE-2023-47210 This update for kernel-firmware fixes the following issues: - Update to version 20241128 (git commit ea71da6f0690): * i915: Update Xe2LPD DMC to v2.24 * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * iwlwifi: add Bz-gf FW for core89-91 release * amdgpu: update smu 13.0.10 firmware * amdgpu: update sdma 6.0.3 firmware * amdgpu: update psp 13.0.10 firmware * amdgpu: update gc 11.0.3 firmware * amdgpu: add smu 13.0.14 firmware * amdgpu: add sdma 4.4.5 firmware * amdgpu: add psp 13.0.14 firmware * amdgpu: add gc 9.4.4 firmware * amdgpu: update vcn 3.1.2 firmware * amdgpu: update psp 13.0.5 firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update psp 14.0.4 firmware * amdgpu: update gc 11.5.2 firmware * amdgpu: update vega10 firmware * amdgpu: update vcn 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update psp 13.0.0 firmware * amdgpu: update gc 11.0.0 firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update psp 13.0.11 firmware * amdgpu: update gc 11.0.4 firmware * amdgpu: update vcn 4.0.2 firmware * amdgpu: update psp 13.0.4 firmware * amdgpu: update gc 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update vpe 6.1.1 firmware * amdgpu: update vcn 4.0.6 
firmware * amdgpu: update psp 14.0.1 firmware * amdgpu: update gc 11.5.1 firmware * amdgpu: update vcn 4.0.5 firmware * amdgpu: update psp 14.0.0 firmware * amdgpu: update gc 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update arcturus firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update sdma 4.4.2 firmware * amdgpu: update psp 13.0.6 firmware * amdgpu: update gc 9.4.3 firmware * amdgpu: update vcn 4.0.4 firmware * amdgpu: update psp 13.0.7 firmware * amdgpu: update gc 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update aldebaran firmware - Update aliases from 6.13-rc1 - Update to version 20241125 (git commit 508d770ee6f3): * ice: update ice DDP wireless_edge package to 1.3.20.0 * ice: update ice DDP comms package to 1.3.52.0 * ice: update ice DDP package to ice-1.3.41.0 * amdgpu: update DMCUB to v9.0.10.0 for DCN314 * amdgpu: update DMCUB to v9.0.10.0 for DCN351 - Update to version 20241121 (git commit 48bb90cceb88): * linux-firmware: Update AMD cpu microcode * xe: Update GUC to v70.36.0 for BMG, LNL * i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL - Update to version 20241119 (git commit 60cdfe1831e8): * iwlwifi: add Bz-gf FW for core91-69 release - Update aliases from 6.12 - Update to version 20241113 (git commit 1727aceef4d2): * qcom: venus-5.4: add venus firmware file for qcs615 * qcom: update venus firmware file for SC7280 * QCA: Add 22 bluetooth firmware nvm files for QCA2066 - Update to version 20241112 (git commit c57a0a42468b): * mediatek MT7922: update bluetooth firmware to 20241106163512 * mediatek MT7921: update bluetooth firmware to 20241106151414 * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * qcom: Add QDU100 firmware image files. 
* qcom: Update aic100 firmware files * dedup-firmware.sh: fix infinite loop for --verbose * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x04D7_63F7 * cnm: update chips&media wave521c firmware. * mediatek MT7920: update bluetooth firmware to 20241104091246 * linux-firmware: update firmware for MT7920 WiFi device * copy-firmware.sh: Run check_whence.py only if in a git repo * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * amdgpu: update DMCUB to v9.0.10.0 for DCN351 * rtw89: 8852a: update fw to v0.13.36.2 * rtw88: Add firmware v52.14.0 for RTL8812AU * i915: Update Xe2LPD DMC to v2.23 * linux-firmware: update firmware for mediatek bluetooth chip (MT7925) * linux-firmware: update firmware for MT7925 WiFi device * WHENCE: Add sof-tolg for mt8195 * linux-firmware: Update firmware file for Intel BlazarI core * qcom: Add link for QCS6490 GPU firmware * qcom: update gpu firmwares for qcs615 chipset * cirrus: cs35l56: Update firmware for Cirrus Amps for some HP laptops * mediatek: Add sof-tolg for mt8195 - Update to version 20241029 (git commit 048795eef350): * ath11k: move WCN6750 firmware to the device-specific subdir * xe: Update LNL GSC to v104.0.0.1263 * i915: Update MTL/ARL GSC to v102.1.15.1926 - Update to version 20241028 (git commit 987607d681cb): * amdgpu: DMCUB updates for various AMDGPU ASICs * i915: Add Xe3LPD DMC * cnm: update chips&media wave521c firmware. 
* linux-firmware: Add firmware for Cirrus CS35L41 * linux-firmware: Update firmware file for Intel BlazarU core * Makefile: error out of 'install' if COPYOPTS is set - Update to version 20241018 (git commit 2f0464118f40): * check_whence.py: skip some validation if git ls-files fails * qcom: Add Audio firmware for X1E80100 CRD/QCPs * amdgpu: DMCUB updates for various AMDGPU ASICs * brcm: replace NVRAM for Jetson TX1 * rtlwifi: Update firmware for RTL8192FU to v7.3 * make: separate installation and de-duplication targets * check_whence.py: check the permissions * Remove execute bit from firmware files * configure: remove unused file * rtl_nic: add firmware rtl8125d-1 - Update to version 20241014 (git commit 99f9c7ed1f4a): * iwlwifi: add gl/Bz FW for core91-69 release * iwlwifi: update ty/So/Ma firmwares for core91-69 release * iwlwifi: update cc/Qu/QuZ firmwares for core91-69 release * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for a Lenovo Laptop * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for some ASUS laptops * cirrus: cs35l56: Add firmware for Cirrus Amps for some HP laptops * linux-firmware: update firmware for en8811h 2.5G ethernet phy * QCA: Add Bluetooth firmwares for WCN785x with UART transport - Update to version 20241011 (git commit 808cba847c70): * mtk_wed: add firmware for mt7988 Wireless Ethernet Dispatcher * ath12k: WCN7850 hw2.0: update board-2.bin (bsc#1230596) * ath12k: QCN9274 hw2.0: add to WLAN.WBE.1.3.1-00162-QCAHKSWPL_SILICONZ-1 * ath12k: QCN9274 hw2.0: add board-2.bin * copy-firmware.sh: rename variables in symlink handling * copy-firmware.sh: remove no longer reachable test -L * copy-firmware.sh: remove no longer reachable test -f * copy-firmware.sh: call ./check_whence.py before parsing the file * copy-firmware.sh: warn if the destination folder is not empty * copy-firmware.sh: add err() helper * copy-firmware.sh: fix indentation * copy-firmware.sh: reset and consistently handle destdir * Revert 'copy-firmware: Support additional 
compressor options' * copy-firmware.sh: flesh out and fix dedup-firmware.sh * Style update yaml files * editorconfig: add initial config file * check_whence.py: annotate replacement strings as raw * check_whence.py: LC_ALL=C sort -u the filelist * check_whence.py: ban link-to-a-link * check_whence.py: use consistent naming * Add a link from TAS2XXX1EB3.bin -> ti/tas2781/TAS2XXX1EB30.bin * tas2781: Upload dsp firmware for ASUS laptop 1EB30 & 1EB31 - Drop obsoleted --ignore-duplicates option to copy-firmware.sh - Drop the ath12k workaround again - Update to version 20241010 (git commit d4e688aa74a0): * rtlwifi: Add firmware v39.0 for RTL8192DU * Revert 'ath12k: WCN7850 hw2.0: update board-2.bin' (replaced with a newer firmware in this package instead) - update aliases - Update to version 20241004 (git commit bbb77872a8a7): * amdgpu: DMCUB DCN35 update * brcm: Add BCM4354 NVRAM for Jetson TX1 * brcm: Link FriendlyElec NanoPi M4 to AP6356S nvram - Update to version 20241001 (git commit 51e5af813eaf): * linux-firmware: add firmware for MediaTek Bluetooth chip (MT7920) * linux-firmware: add firmware for MT7920 * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update vega12 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid 
firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update SMU 13.0.6 firmware * amdgpu: update SDMA 4.4.2 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update aldebaran firmware * qcom: update gpu firmwares for qcm6490 chipset * mt76: mt7996: add firmware files for mt7992 chipset * mt76: mt7996: add firmware files for mt7996 chipset variants * qcom: add gpu firmwares for sa8775p chipset * rtw89: 8922a: add fw format-2 v0.35.42.1 - Pick up the fixed ath12k firmware from https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware (bsc#1230596) - Update aliases from 6.11.x and 6.12-rc1 - Update to version 20240913 (git commit bcbdd1670bc3): * amdgpu: update DMCUB to v0.0.233.0 DCN351 * copy-firmware: Handle links to uncompressed files * WHENCE: Fix battmgr.jsn entry type - Temporary revert for ath12k firmware (bsc#1230596) - Update to version 20240912 (git commit 47c72fee8fe3): * amdgpu: Add VPE 6.1.3 microcode * amdgpu: add SDMA 6.1.2 microcode * amdgpu: Add support for PSP 14.0.4 * amdgpu: add GC 11.5.2 microcode * qcom: qcm6490: add ADSP and CDSP firmware * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Solar core - Update to version 20240911 (git commit 59def907425d): * rtl_bt: Update RTL8852B BT USB FW to 0x0447_9301 (bsc#1229272) - Update to version 20240910 (git commit 2a7b69a3fa30): * realtek: rt1320: Add patch 
firmware of MCU * i915: Update MTL DMC v2.23 * cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops - Update to version 20240903 (git commit 96af55bd3d0b): * amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007) * iwlwifi: add Bz FW for core89-58 release * rtl_nic: add firmware rtl8126a-3 * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) - Update to version 20240830 (git commit d6c600d46981): * amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351 * qcom: vpu: restore compatibility with kernels before 6.6 - Update to version 20240826 (git commit bec4fd18cc57): (including ath11k f/w updates for bsc#1234027) * amdgpu: DMCUB updates for various AMDGPU ASICs * rtw89: 8922a: add fw format-1 v0.35.41.0 * linux-firmware: update firmware for MT7925 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7925) * rtl_bt: Add firmware and config files for RTL8922A * rtl_bt: Add firmware file for the RTL8723CS Bluetooth part * rtl_bt: de-dupe identical config.bin files * rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin * linux-firmware: Update AMD SEV firmware * linux-firmware: update firmware for MT7996 * Revert 'i915: Update MTL DMC v2.22' * ath12k: WCN7850 hw2.0: update board-2.bin * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3 * ath11k: QCA2066 hw2.1: add board-2.bin * ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1 * qcom: vpu: add video firmware for sa8775p * amdgpu: DMCUB updates for various AMDGPU ASICs - Update to version 20240809 (git commit 36db650dae03): * qcom: update path for video firmware for vpu-1/2/3.0 * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642 * rtw89: 8852c: add fw format-1 v0.27.97.0 
* rtw89: 8852bt: add firmware 0.29.91.0 * amdgpu: Update ISP FW for isp v4.1.1 * mediatek: Update mt8195 SOF firmware * amdgpu: DMCUB updates for DCN314 * xe: First GuC release v70.29.2 for BMG * xe: Add GuC v70.29.2 for LNL * i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL * i915: Update MTL DMC v2.22 * i915: update MTL GSC to v102.0.10.1878 * xe: Add BMG HuC 8.2.10 * xe: Add GSC 104.0.0.1161 for LNL * xe: Add LNL HuC 9.4.13 * i915: update DG2 HuC to v7.10.16 * amdgpu: Update ISP FW for isp v4.1.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641 The following package changes have been done: - kernel-firmware-amdgpu-20241128-slfo.1.1_1.1 updated - kernel-firmware-ath10k-20241128-slfo.1.1_1.1 updated - kernel-firmware-ath11k-20241128-slfo.1.1_1.1 updated - kernel-firmware-ath12k-20241128-slfo.1.1_1.1 updated - kernel-firmware-atheros-20241128-slfo.1.1_1.1 updated - kernel-firmware-bluetooth-20241128-slfo.1.1_1.1 updated - kernel-firmware-bnx2-20241128-slfo.1.1_1.1 updated - kernel-firmware-brcm-20241128-slfo.1.1_1.1 updated - kernel-firmware-chelsio-20241128-slfo.1.1_1.1 updated - kernel-firmware-dpaa2-20241128-slfo.1.1_1.1 updated - kernel-firmware-i915-20241128-slfo.1.1_1.1 updated - kernel-firmware-intel-20241128-slfo.1.1_1.1 updated - kernel-firmware-iwlwifi-20241128-slfo.1.1_1.1 updated - kernel-firmware-liquidio-20241128-slfo.1.1_1.1 updated - kernel-firmware-marvell-20241128-slfo.1.1_1.1 updated - kernel-firmware-media-20241128-slfo.1.1_1.1 updated - kernel-firmware-mediatek-20241128-slfo.1.1_1.1 updated - kernel-firmware-mellanox-20241128-slfo.1.1_1.1 updated - kernel-firmware-mwifiex-20241128-slfo.1.1_1.1 updated - kernel-firmware-network-20241128-slfo.1.1_1.1 updated - kernel-firmware-nfp-20241128-slfo.1.1_1.1 updated - kernel-firmware-nvidia-20241128-slfo.1.1_1.1 updated - kernel-firmware-platform-20241128-slfo.1.1_1.1 updated - kernel-firmware-prestera-20241128-slfo.1.1_1.1 updated - kernel-firmware-qcom-20241128-slfo.1.1_1.1 updated - 
kernel-firmware-qlogic-20241128-slfo.1.1_1.1 updated - kernel-firmware-radeon-20241128-slfo.1.1_1.1 updated - kernel-firmware-realtek-20241128-slfo.1.1_1.1 updated - kernel-firmware-serial-20241128-slfo.1.1_1.1 updated - kernel-firmware-sound-20241128-slfo.1.1_1.1 updated - kernel-firmware-ti-20241128-slfo.1.1_1.1 updated - kernel-firmware-ueagle-20241128-slfo.1.1_1.1 updated - kernel-firmware-usb-network-20241128-slfo.1.1_1.1 updated - openssh-common-9.6p1-slfo.1.1_2.1 updated - kernel-firmware-all-20241128-slfo.1.1_1.1 updated - openssh-server-9.6p1-slfo.1.1_2.1 updated - openssh-clients-9.6p1-slfo.1.1_2.1 updated - openssh-9.6p1-slfo.1.1_2.1 updated From sle-container-updates at lists.suse.com Thu Feb 27 08:17:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Feb 2025 09:17:27 +0100 (CET) Subject: SUSE-CU-2025:1353-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250227081727.3ADDDFCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1353-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.2 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.2 Severity : moderate Type : security References : 1229685 1229822 1230078 1235695 1236151 1237137 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). 
The following package changes have been done: - vim-data-common-9.1.1101-150500.20.21.1 updated - vim-small-9.1.1101-150500.20.21.1 updated From sle-container-updates at lists.suse.com Thu Feb 27 08:18:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 27 Feb 2025 09:18:09 +0100 (CET) Subject: SUSE-CU-2025:1328-1: Recommended update of suse/rmt-server Message-ID: <20250227081809.5D924FCD8@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:1328-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-36.10 , suse/rmt-server:latest Container Release : 36.10 Severity : moderate Type : recommended References : 1236858 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:626-1 Released: Fri Feb 21 12:18:09 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1236858 This update for crypto-policies fixes the following issue: - Remove dangling symlink for the libreswan config (bsc#1236858). 

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:18:10 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:18:10 +0100 (CET)
Subject: SUSE-CU-2025:1356-1: Security update of suse/rmt-server
Message-ID: <20250227081810.80063FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1356-1
Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-37.2 , suse/rmt-server:latest
Container Release : 37.2
Severity : important
Type : security
References : 1230930 1232440 CVE-2024-47220 CVE-2024-49761
-----------------------------------------------------------------

The container suse/rmt-server was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:736-1
Released: Wed Feb 26 19:38:12 2025
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1230930,1232440,CVE-2024-47220,CVE-2024-49761

This update for ruby2.5 fixes the following issues:

- CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick (bsc#1230930)
- CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440)

Other fixes:

- [ruby/uri] Fix quadratic backtracking on invalid relative URI
- [ruby/time] Make RFC2822 regexp linear
- [ruby/time] Fix quadratic backtracking on invalid time
- merge some parts of CGI 0.1.1

The following package changes have been done:

- libruby2_5-2_5-2.5.9-150000.4.36.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.36.1 updated
- ruby2.5-2.5.9-150000.4.36.1 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:18:34 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:18:34 +0100 (CET)
Subject: SUSE-CU-2025:1357-1: Recommended update of bci/ruby
Message-ID: <20250227081834.B8526FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1357-1
Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.33 , bci/ruby:latest
Container Release : 31.33
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/ruby was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:18:35 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:18:35 +0100 (CET)
Subject: SUSE-CU-2025:1359-1: Security update of bci/ruby
Message-ID: <20250227081835.D6322FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1359-1
Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.35 , bci/ruby:latest
Container Release : 31.35
Severity : important
Type : security
References : 1230930 1232440 CVE-2024-47220 CVE-2024-49761
-----------------------------------------------------------------

The container bci/ruby was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:736-1
Released: Wed Feb 26 19:38:12 2025
Summary: Security update for ruby2.5
Type: security
Severity: important
References: 1230930,1232440,CVE-2024-47220,CVE-2024-49761

This update for ruby2.5 fixes the following issues:

- CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick (bsc#1230930)
- CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440)

Other fixes:

- [ruby/uri] Fix quadratic backtracking on invalid relative URI
- [ruby/time] Make RFC2822 regexp linear
- [ruby/time] Fix quadratic backtracking on invalid time
- merge some parts of CGI 0.1.1

The following package changes have been done:

- libruby2_5-2_5-2.5.9-150000.4.36.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.36.1 updated
- ruby2.5-2.5.9-150000.4.36.1 updated
- ruby2.5-devel-2.5.9-150000.4.36.1 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:18:57 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:18:57 +0100 (CET)
Subject: SUSE-CU-2025:1360-1: Recommended update of bci/rust
Message-ID: <20250227081857.25BABFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1360-1
Container Tags : bci/rust:1.83 , bci/rust:1.83.0 , bci/rust:1.83.0-2.2.9 , bci/rust:oldstable , bci/rust:oldstable-2.2.9
Container Release : 2.9
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/rust was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:19:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:19:20 +0100 (CET)
Subject: SUSE-CU-2025:1362-1: Recommended update of bci/rust
Message-ID: <20250227081920.6021EFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1362-1
Container Tags : bci/rust:1.84 , bci/rust:1.84.0 , bci/rust:1.84.0-1.2.9 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.9
Container Release : 2.9
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/rust was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:20:15 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:20:15 +0100 (CET)
Subject: SUSE-CU-2025:1364-1: Recommended update of containers/python
Message-ID: <20250227082015.2EB45FCD8@maintenance.suse.de>

SUSE Container Update Advisory: containers/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1364-1
Container Tags : containers/python:3.11 , containers/python:3.11.11 , containers/python:3.11.11-44.28
Container Release : 44.28
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container containers/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:20:24 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:20:24 +0100 (CET)
Subject: SUSE-CU-2025:1366-1: Recommended update of containers/python
Message-ID: <20250227082024.3C010FCD8@maintenance.suse.de>

SUSE Container Update Advisory: containers/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1366-1
Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.29
Container Release : 51.29
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container containers/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:20:59 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:20:59 +0100 (CET)
Subject: SUSE-CU-2025:1368-1: Recommended update of bci/bci-sle15-kernel-module-devel
Message-ID: <20250227082059.87772FCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1368-1
Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.32.6 , bci/bci-sle15-kernel-module-devel:latest
Container Release : 32.6
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/bci-sle15-kernel-module-devel was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:21:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:21:20 +0100 (CET)
Subject: SUSE-CU-2025:1370-1: Recommended update of suse/sle15
Message-ID: <20250227082120.E3ACDFCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1370-1
Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.13 , suse/sle15:15.6 , suse/sle15:15.6.47.20.13
Container Release : 47.20.13
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:21:21 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:21:21 +0100 (CET)
Subject: SUSE-CU-2025:1371-1: Recommended update of suse/sle15
Message-ID: <20250227082121.841FDFCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1371-1
Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.14 , suse/sle15:15.6 , suse/sle15:15.6.47.20.14
Container Release : 47.20.14
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:680-1
Released: Mon Feb 24 12:01:16 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150600.3.47.2 updated
- zypper-1.14.84-150600.10.25.2 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:21:48 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:21:48 +0100 (CET)
Subject: SUSE-CU-2025:1372-1: Recommended update of bci/spack
Message-ID: <20250227082148.D226FFCD8@maintenance.suse.de>

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1372-1
Container Tags : bci/spack:0.23 , bci/spack:0.23.0 , bci/spack:0.23.0-3.5 , bci/spack:latest
Container Release : 3.5
Severity : moderate
Type : recommended
References : 1236858
-----------------------------------------------------------------

The container bci/spack was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858

This update for crypto-policies fixes the following issue:

- Remove dangling symlink for the libreswan config (bsc#1236858).

The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- container:registry.suse.com-bci-bci-base-15.6-1cf69bd627bad43c8cc284e43987de2795dfc545b9db4fca109db3fbd4c48f09-0 updated

From sle-container-updates at lists.suse.com Thu Feb 27 08:22:10 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 09:22:10 +0100 (CET)
Subject: SUSE-CU-2025:1386-1: Recommended update of suse/sle15
Message-ID: <20250227082210.32420FCD8@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1386-1
Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.24 , suse/sle15:15.7 , suse/sle15:15.7-4.2.24
Container Release : 4.2.24
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:680-1
Released: Mon Feb 24 12:01:16 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150600.3.47.2 updated
- zypper-1.14.84-150600.10.25.2 updated

From sle-container-updates at lists.suse.com Thu Feb 27 12:39:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 13:39:43 +0100 (CET)
Subject: SUSE-CU-2025:1386-1: Recommended update of suse/sle15
Message-ID: <20250227123943.733B8FCE4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1386-1
Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.24 , suse/sle15:15.7 , suse/sle15:15.7-4.2.24
Container Release : 4.2.24
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:680-1
Released: Mon Feb 24 12:01:16 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150600.3.47.2 updated
- zypper-1.14.84-150600.10.25.2 updated

From sle-container-updates at lists.suse.com Thu Feb 27 12:40:52 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 13:40:52 +0100 (CET)
Subject: SUSE-CU-2025:1393-1: Recommended update of suse/manager/4.3/proxy-httpd
Message-ID: <20250227124052.DDE82FCE4@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1393-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.29 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.60.29
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-httpd was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:678-1
Released: Mon Feb 24 11:59:54 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150400.3.113.1 updated
- zypper-1.14.84-150400.3.76.1 updated
- container:sles15-ltss-image-15.4.0-2.25 updated

From sle-container-updates at lists.suse.com Thu Feb 27 12:41:24 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 13:41:24 +0100 (CET)
Subject: SUSE-CU-2025:1394-1: Recommended update of suse/manager/4.3/proxy-salt-broker
Message-ID: <20250227124124.D4000FCE4@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1394-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.29 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.50.29
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/manager/4.3/proxy-salt-broker was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:678-1
Released: Mon Feb 24 11:59:54 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150400.3.113.1 updated
- zypper-1.14.84-150400.3.76.1 updated
- container:sles15-ltss-image-15.4.0-2.25 updated

From sle-container-updates at lists.suse.com Thu Feb 27 12:43:53 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 13:43:53 +0100 (CET)
Subject: SUSE-CU-2025:1398-1: Recommended update of suse/sle-micro/5.1/toolbox
Message-ID: <20250227124353.DF1E5FCE4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1398-1
Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.83 , suse/sle-micro/5.1/toolbox:latest
Container Release : 3.13.83
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:679-1
Released: Mon Feb 24 12:00:41 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150200.147.1 updated
- zypper-1.14.84-150200.105.1 updated

From sle-container-updates at lists.suse.com Thu Feb 27 12:43:54 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 13:43:54 +0100 (CET)
Subject: SUSE-CU-2025:1399-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20250227124354.739B9FCE4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1399-1
Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.85 , suse/sle-micro/5.1/toolbox:latest
Container Release : 3.13.85
Severity : moderate
Type : security
References : 1229685 1229822 1230078 1235695 1236151 1237137 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:724-1
Released: Wed Feb 26 14:30:20 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014

This update for vim fixes the following issues:

Update to version 9.1.1101:

- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).

The following package changes have been done:

- vim-data-common-9.1.1101-150000.5.69.1 updated
- vim-9.1.1101-150000.5.69.1 updated
- xxd-9.1.1101-150000.5.69.1 updated

From sle-container-updates at lists.suse.com Thu Feb 27 12:47:03 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 13:47:03 +0100 (CET)
Subject: SUSE-CU-2025:1403-1: Recommended update of suse/sle-micro/5.2/toolbox
Message-ID: <20250227124703.160D1FCE4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1403-1
Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.85 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.85
Severity : important
Type : recommended
References : 1228434 1236384 1236820 1236939 1236983
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:679-1
Released: Mon Feb 24 12:00:41 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983

This update for libzypp, zypper fixes the following issues:

- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result

The following package changes have been done:

- libzypp-17.36.1-150200.147.1 updated
- zypper-1.14.84-150200.105.1 updated

From sle-container-updates at lists.suse.com Thu Feb 27 12:47:03 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 27 Feb 2025 13:47:03 +0100 (CET)
Subject: SUSE-CU-2025:1404-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20250227124703.B0EA7FCE4@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1404-1
Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.87 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.87
Severity : moderate
Type : security
References : 1229685 1229822 1230078 1235695 1236151 1237137 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:724-1
Released: Wed Feb 26 14:30:20 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014

This update for vim fixes the following issues:

Update to version 9.1.1101:

- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
The following package changes have been done:

- vim-data-common-9.1.1101-150000.5.69.1 updated
- vim-9.1.1101-150000.5.69.1 updated
- xxd-9.1.1101-150000.5.69.1 updated

From sle-container-updates at lists.suse.com Wed Feb 26 08:04:21 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 26 Feb 2025 08:04:21 -0000
Subject: SUSE-IU-2025:652-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20250226080419.15443FCD8@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:652-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.5 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 5.5
Severity : important
Type : security
References : 1219458 1220763 1229069 1229238 1229272 1229685 1229822 1230007 1230078 1230596 1231373 1234027 1235695 1236151 1237137 CVE-2023-31315 CVE-2024-43374 CVE-2024-43790 CVE-2024-43802 CVE-2024-45306 CVE-2024-47814 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 217
Released: Tue Feb 25 14:12:31 2025
Summary: Security update for vim
Type: security
Severity: important
References: 1220763,1229238,1229685,1229822,1230078,1231373,1235695,1236151,1237137,CVE-2024-43374,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2024-47814,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014

This update for vim fixes the following issues:

vim was updated to 9.1.1101:

- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)
- CVE-2024-43790: Fixed Out of bounds read when performing a search command (bsc#1229685)
- CVE-2024-43802: Fixed heap-buffer-overflow in ins_typebuf() (bsc#1229822)
- CVE-2024-45306: Fixed heap-buffer-overflow in Vim (bsc#1230078)
- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2025-1215: Fixed manipulation of the argument --log leads to memory corruption (bsc#1237137)
- CVE-2025-22134: Fixed heap-buffer-overflow in Vim < 9.1.1003 (bsc#1235695)
- CVE-2025-24014: Fixed segmentation fault in win_line() in Vim < 9.1.1043 (bsc#1236151)

Update to 9.1.1101: * insexpand.c hard to read * tests: Test_log_nonexistent only works on Linux * Update base-syntax, improve variable matching * Vim9: import with extends may crash * leaking memory with completing multi lines * --log with non-existent path causes a crash * if_perl: Perl 5.38 adds new symbols causing link failure * tests: matchparen plugin test wrongly named * Vim9: problem finding implemented method in type hierarchy * runtime(qf): Update syntax file, match second delimiter * tests: output of test ...win32_ctrl_z depends on python version * tests: fix expected return code for python 3.13 on Windows * tests: timeout might be a bit too small * tests: test_terminwscroll_topline2 unreliable * tests: No check when tests are run under Github actions * tests: plugin tests are named inconsistently * Vim9:
import with extends may crash * completion doesn't work with multi lines * filetype: cmmt files are not recognized * Unable to persistently ignore events in a window and its buffers * improve syntax highlighting * setreg() doesn't correctly handle mbyte chars in blockwise mode * unexpected DCS responses may cause out of bounds reads * has('bsd') is true for GNU/Hurd * filetype: Mill files are not recognized * GUI late startup leads to uninitialized scrollbars * Add support for lz4 to tar & gzip plugin * Terminal ansi colors off by one after tgc reset * included syntax items do not understand contains=TOP * vim_strnchr() is strange and unnecessary * Vim9: len variable not used in compile_load() * runtime(vim): Update base-syntax, match :debuggreedy count prefix * Strange error when heredoc marker starts with 'trim' * tests: test_compiler fails on Windows without Maven * 'diffopt' 'linematch' cannot be used with {n} less than 10 * args missing after failing to redefine a function * Cannot control cursor positioning of getchar() * preinsert text completions not deleted with / * getchar() can't distinguish between C-I and Tab * tests: Test_termwinscroll_topline2 fails on MacOS * heap-use-after-free and stack-use-after-scope with :14verbose * no digraph for 'Approaches the limit' * not possible to use plural forms with gettext() * too many strlen() calls in userfunc.c * terminal: E315 when dragging the terminal with the mouse * runtime(openPlugin): fix unclosed parenthesis in GetWordUnderCursor() * runtime(doc): Tweak documentation style a bit * tests: test_glvs fails when unarchiver not available * Vim always enables 'termguicolors' in a terminal * completion: input text deleted with preinsert when adding leader * translation(sr): Missing Serbian translation for the tutor * Superfluous cleanup steps in test_ins_complete.vim * runtime(netrw): correct wrong version check * Vim doesn't highlight to be inserted text when completing * runtime(netrw): upstream snapshot of 
v176 * runtime(dist/vim9): fix regressions in dist#vim9#Open * runtime(hyprlang): fix string recognition * make install fails because of a missing dependency * runtime(asm): add byte directives to syntax script * Vim doesn't work well with TERM=xterm-direct * runtime(filetype): commit 99181205c5f8284a3 breaks V lang detection * runtime: decouple Open and Launch commands and gx mapping from netrw * 'nosort' enables fuzzy filtering even if 'fuzzy' isn't in 'completeopt' * runtime(just): fix typo in syntax file * runtime(filetype): Improve Verilog detection by checking for modules definition * tests: off-by-one error in CheckCWD in test_debugger.vim * tests: no support for env variables when running Vim in terminal * too many strlen() calls in os_unix.c * insert-completed items are always sorted * crash after scrolling and pasting in silent Ex mode * Makefiles uses non-portable syntax * fuzzymatching doesn't prefer matching camelcase * filetype: N-Tripels and TriG files are not recognized * Vim9: Patch 9.1.1014 causes regressions * translation(sr): Update Serbian messages translation Update to 9.1.1043: * [security]: segfault in win_line() * update helptags * filetype: just files are not recognized * Update base-syntax, match ternary and falsy operators * Vim9: out-of-bound access when echoing an enum * Vim9: imported type cannot be used as func return type * runtime(kconfig): updated ftplugin and syntax script * runtime(doc): rename last t_BG reference to t_RB * Vim9: comments are outdated * tests: test_channel.py fails with IPv6 * runtime(vim): Update base-syntax, fix is/isnot operator matching * Vim9: confusing error when using abstract method via super * make install fails when using shadowdir * Vim9: memory leak with blob2str() * runtime(tex): add texEmphStyle to texMatchGroup in syntax script * runtime(netrw): upstream snapshot of v175 * Vim9: compiling abstract method fails without return * runtime(c): add new constexpr keyword to syntax file (C23) * tests: 
shaderslang was removed from test_filetype erroneously * link error when FEAT_SPELL not defined * Coverity complains about insecure data handling * runtime(sh): update syntax script * runtime(c): Add missing syntax test files * filetype: setting bash filetype is backwards incompatible * runtime(c): Update syntax and ftplugin files * the installer can be improved * too many strlen() calls in screen.c * no sanitize check when running linematch * filetype: swc configuration files are not recognized * runtime(netrw): change netrw maintainer * wrong return type of blob2str() * blob2str/str2blob() do not support list of strings * runtime(doc): fix typo in usr_02.txt * Coverity complains about dereferencing NULL pointer * linematch option value not completed * string might be used without a trailing NUL * no way to get current selected item in a async context * filetype: fd ignore files are not recognized * v9.1.0743 causes regression with diff mode * runtime(doc): fix base64 encode/decode examples * Vim9: Patch 9.1.1013 causes a few problems * Not possible to convert string2blob and blob2string * Coverity complains about dereferencing NULL value * Vim9: variable not found in transitive import * runtime(colors): Update colorschemes, include new unokai colorscheme * runtime(lyrics): support milliseconds in syntax script * runtime(vim): Split Vim legacy and Vim9 script indent tests * Vim9: class interface inheritance not correctly working * popupmenu internal error with some abbr in completion item * filetype: VisualCode setting file not recognized * diff feature can be improved * filetype: various ignore are not recognized * tests: Load screendump files with 'git vimdumps' * PmenuMatch completion highlight can be combined * completion text is highlighted even with no pattern found * tests: a few termdebug tests are flaky * [security]: heap-buffer-overflow with visual mode * runtime(doc): add package- helptags for included packages * Vim9: unknown func error with interface 
declaring func var * runtime(filetype): don't detect string interpolation as angular * ComplMatchIns highlight hard to read on light background * runtime(vim): Update base-syntax, highlight literal string quote escape * runtime(editorconfig): set omnifunc to syntaxcomplete func * tests: ruby tests fail with Ruby 3.4 * Vim9: leaking finished exception * runtime(tiasm): use correct syntax name tiasm in syntax script * filetype: TI assembly files are not recognized * too many strlen() calls in drawscreen.c * runtime(xf86conf): add section name OutputClass to syntax script * ComplMatchIns may highlight wrong text * runtime(vim): Update base-syntax, improve ex-bang matching * runtime(doc): clarify buffer deletion on popup_close() * filetype: shaderslang files are not detected * Vim9: not able to use comment after opening curly brace Update to 9.1.0993: * 9.1.0993: New 'cmdheight' behavior may be surprising * runtime(sh): fix typo in Last Change header * 9.1.0992: Vim9: double-free after v9.1.0988 * 9.1.0991: v:stacktrace has wrong type in Vim9 script * runtime(sh): add PS0 to bashSpecialVariables in syntax script * runtime(vim): Remove trailing comma from match_words * runtime(zsh): sync syntax script with upstream repo * runtime(doc): Capitalise the mnemonic 'Zero' for the 'z' flag of search() * 9.1.0990: Inconsistent behavior when changing cmdheight * 9.1.0989: Vim9: Whitespace after the final enum value causes a syntax error * runtime(java): Quietly opt out for unsupported markdown.vim versions * runtime(vim): fix failing vim syntax test * 9.1.0988: Vim9: no error when using uninitialized var in new() * runtime(doc): update index.txt * 9.1.0987: filetype: cake files are not recognized * 9.1.0986: filetype: 'jj' filetype is a bit imprecise * runtime(jj): Support diffs in jj syntax * runtime(vim): Update matchit pattern, no Vim9 short names * 9.1.0985: Vim9: some ex commands can be shortened * 9.1.0984: exception handling can be improved * runtime(doc): update doc for 
:horizontal * runtime(doc): update index.txt, windows.txt and version9.txt * runtime(doc): Tweak documentation about base64 function * runtime(chordpro): update syntax script * 9.1.0983: not able to get the displayed items in complete_info() * runtime(doc): use standard SGR format at :h xterm-true-color * 9.1.0982: TI linker files are not recognized * runtime(vim): update vim generator syntax script * 9.1.0981: tests: typo in test_filetype.vim * 9.1.0980: no support for base64 en-/decoding functions in Vim Script * syntax(sh): Improve the recognition of bracket expressions * runtime(doc): mention how NUL bytes are handled * 9.1.0979: VMS: type warning with $XDG_VIMRC_FILE * 9.1.0978: GUI tests sometimes fail when setting 'scroll' options * 9.1.0977: filetype: msbuild filetypes are not recognized * 9.1.0976: Vim9: missing return statement with throw * 9.1.0975: Vim9: interpolated string expr not working in object methods * 9.1.0974: typo in change of commit v9.1.0873 * 9.1.0973: too many strlen() calls in fileio.c * runtime(sh): set shellcheck as the compiler for supported shells * runtime(doc): Fix enum example syntax * 9.1.0972: filetype: TI linker map files are not recognized * runtime(vim): Improve syntax script generator for Vim Script * 9.1.0971: filetype: SLNX files are not recognized * 9.1.0970: VMS: build errors on VMS architecture * runtime(doc): Fix documentation typos * runtime(doc): update for new keyprotocol option value (after v9.1.0969) * 9.1.0969: ghostty not using kitty protocol by default * 9.1.0968: tests: GetFileNameChecks() isn't fully sorted by filetype name * runtime(doc): update version9.txt for bash filetype * runtime(netrw): update last change header for #16265 * runtime(doc): fix doc error in :r behaviour * 9.1.0967: SpotBugs compiler setup can be further improved * 9.1.0966: Vim9: :enum command can be shortened * runtime(compiler): include a basic bash syntax checker compiler * 9.1.0965: filetype: sh filetype set when detecting the use 
of bash * runtime(doc): clarify ARCH value for 32-bit in INSTALLpc.txt * 9.1.0963: fuzzy-matching does not prefer full match * 9.1.0962: filetype: bun.lock file is not recognized * runtime(vim): update indentation plugin for Vim script * runtime(doc): tweak documentation style in helphelp.txt * runtime(vim): Update base-syntax, allow parens in default arguments * runtime(doc): mention auto-format using clang-format for sound.c/sign.c * runtime(help): fix typo s/additional/arbitrary/ * runtime(help): Add better support for language annotation highlighting * 9.1.0961: filetype: TI gel files are not recognized * 9.1.0960: filetype: hy history files are not recognized * translation(fi): Fix typoes in Finish menu translation * 9.1.0959: Coverity complains about type conversion * runtime(vim): Use supported syntax in indent tests * 9.1.0958: filetype: supertux2 config files detected as lisp * 9.1.0956: completion may crash, completion highlight wrong with preview window * 9.1.0955: Vim9: vim9compile.c can be further improved * runtime(doc): move help tag E1182 * runtime(graphql): contribute vim-graphql to Vim core * 9.1.0954: popupmenu.c can be improved * 9.1.0953: filetype: APKBUILD files not correctly detected * 9.1.0952: Vim9: missing type checking for any type assignment * 9.1.0951: filetype: jshell files are not recognized * runtime(dockerfile): do not set commentstring in syntax script * 9.1.0950: filetype: fennelrc files are not recognized * runtime(netrw): do not double escape Vim special characters * git: ignore reformatting change of netrw plugin * runtime(netrw): more reformating #16248 * runtime(doc): Add a note about handling symbolic links in starting.txt * 9.1.0949: popups inconsistently shifted to the left * git: ignore reformatting change of netrw plugin * runtime(netrw): change indent size from 1 to 2 * 9.1.0948: Missing cmdline completion for :pbuffer * runtime(tutor): Reformat tutor1 * 9.1.0947: short-description * 9.1.0946: cross-compiling fails on 
osx-arm64 * 9.1.0945: ComplMatchIns highlight doesn't end after inserted text * translation(sv): re-include the change from #16240 * 9.1.0944: tests: test_registers fails when not run under X11 * 9.1.0943: Vim9: vim9compile.c can be further improved * runtime(doc): Update README and mention make check to verify * translation(sv): partly revert commit 98874dca6d0b60ccd6fc3a140b3ec * runtime(vim): update base-syntax after v9.1.0936 * 9.1.0942: a few typos were found * 9.1.0941: ComplMatchIns doesn't work after multibyte chars * runtime(doc): Fix style in fold.txt * translation(sv): Fix typo in Swedish translation * 9.1.0940: Wrong cursor shape with 'gq' and 'indentexpr' executes :normal * runtime(doc): fix some small errors * 9.1.0939: make installtutor fails * 9.1.0938: exclusive selection not respected when re-selecting block mode * 9.1.0937: test_undolist() is flaky * 9.1.0936: cannot highlight completed text * 9.1.0935: SpotBugs compiler can be improved * 9.1.0934: hard to view an existing buffer in the preview window * runtime(doc): document how to minimize fold computation costs * 9.1.0933: Vim9: vim9compile.c can be further improved * 9.1.0932: new Italian tutor not installed * runtime(doc): fix a few minor errors from the last doc updates * translation(it): add Italian translation for the interactive tutor * runtime(doc): update the change.txt help file * runtime(help): Add Vim lang annotation support for codeblocks * 9.1.0931: ml_get error in terminal buffer * 9.1.0930: tests: test_terminal2 may hang in GUI mode * 9.1.0929: filetype: lalrpop files are not recognized * 9.1.0928: tests: test_popupwin fails because the filter command fails * editorconfig: set trim_trailing_whitespace = false for src/testdir/test*.vim * 9.1.0927: style issues in insexpand.c * 9.1.0926: filetype: Pixi lock files are not recognized * runtime(doc): Add a reference to |++opt| and |+cmd| at `:h :pedit` * runtime(doc): add a note about inclusive motions and exclusive selection * 
9.1.0925: Vim9: expression compiled when not necessary * 9.1.0923: too many strlen() calls in filepath.c * 9.1.0923: wrong MIN macro in popupmenu.c * 9.1.0921: popupmenu logic is a bit convoluted * 9.1.0920: Vim9: compile_assignment() too long * 9.1.0919: filetype: some assembler files are not recognized * runtime(netrw): do not pollute search history with symlinks * 9.1.0918: tiny Vim crashes with fuzzy buffer completion * 9.1.0917: various vartabstop and shiftround bugs when shifting lines * runtime(typst): add definition lists to formatlistpat, update maintainer * 9.1.0916: messages.c is exceeding 80 columns * runtime(proto): include filetype plugin for protobuf * 9.1.0915: GVim: default font size a bit too small * 9.1.0914: Vim9: compile_assignment() is too long * 9.1.0913: no error check for neg values for 'messagesopt' * runtime(netrw): only check first arg of netrw_browsex_viewer for being executable * 9.1.0912: xxd: integer overflow with sparse files and -autoskip * 9.1.0911: Variable name for 'messagesopt' doesn't match short name * 9.1.0910: 'messagesopt' does not check max wait time * runtime(doc): update wrong Vietnamese localization tag * 9.1.0909: Vim9: crash when calling instance method Update to 9.1.0908: * 9.1.0908: not possible to configure :messages * 9.1.0907: printoptions:portrait does not change postscript Orientation * runtime(doc): Add vietnamese.txt to helps main TOC * 9.1.0906: filetype: Nvidia PTX files are not recognized * runtime(doc): updated version9.txt with changes from v9.1.0905 * 9.1.0905: Missing information in CompleteDone event * 9.1.0904: Vim9: copy-paste error in class_defining_member() * 9.1.0903: potential overflow in spell_soundfold_wsal() * runtime(netrw): do not detach when launching external programs in gvim * runtime(doc): make tag alignment more consistent in filetype.txt * runtime(doc): fix wrong syntax and style of vietnamese.txt * translation(it): update Italian manpage for vimtutor * runtime(lua): add optional lua 
function folding * Filelist: include translations for Chapter 2 tutor * translation(vi): Update Vietnamese translation * runtime(doc): include vietnamese.txt * runtime(tutor): fix another typo in tutor2 * runtime(doc): fix typo in vimtutor manpage * translation(it): update Italian manpage for vimtutor * translation(it): include Italian version of tutor chapter 2 * runtime(tutor): regenerated some translated tutor1 files * runtime(tutor): fix typo in Chapter 2 * 9.1.0902: filetype: Conda configuration files are not recognized * runtime(doc): Tweak documentation style a bit * runtime(tutor): update the tutor files and re-number the chapters * runtime(tutor): Update the makefiles for tutor1 and tutor2 files * 9.1.0901: MS-Windows: vimtutor batch script can be improved * runtime(doc): remove buffer-local completeopt todo item * 9.1.0900: Vim9: digraph_getlist() does not accept bool arg * runtime(typst): provide a formatlistpat in ftplugin * runtime(doc): Update documentation for 'noselect' in 'completeopt' * 9.1.0899: default for 'backspace' can be set in C code * runtime(helptoc): reload cached g:helptoc.shell_prompt when starting toc * translation(ru): Updated messages translation * 9.1.0898: runtime(compiler): pytest compiler not included * 9.1.0897: filetype: pyrex files are not detected * runtime(compiler): update eslint compiler * 9.1.0896: completion list wrong after v9.1.0891 * runtime(doc): document changed default value for 'history' * 9.1.0895: default history value is too small * 9.1.0894: No test for what the spotbug compiler parses * 9.1.0893: No test that undofile format does not regress * translation(de): update German manpages * runtime(compiler): include spotbugs Java linter * 9.1.0892: the max value of 'tabheight' is limited by other tabpages * runtime(po): remove poDiffOld/New, add po-format flags to syntax file * 9.1.0891: building the completion list array is inefficient * patch 9.1.0890: %! 
item not allowed for 'rulerformat' * runtime(gzip): load undofile if there exists one * 9.1.0889: Possible unnecessary redraw after adding/deleting lines * 9.1.0888: leftcol property not available in getwininfo() * 9.1.0887: Wrong expression in sign.c * 9.1.0886: filetype: debian control file not detected * runtime(c3): include c3 filetype plugin * 9.1.0885: style of sign.c can be improved * 9.1.0884: gcc warns about uninitialized variable * runtime(apache): Update syntax directives for apache server 2.4.62 * translation(ru): updated vimtutor translation, update MAINTAINERS file * 9.1.0883: message history cleanup is missing some tests * runtime(doc): Expand docs on :! vs. :term * runtime(netrw): Fixing powershell execution issues on Windows * 9.1.0882: too many strlen() calls in insexpand.c * 9.1.0881: GUI: message dialog may not get focus * runtime(netrw): update netrw's decompress logic * runtime(apache): Update syntax keyword definition * runtime(misc): add Italian LICENSE and (top-level) README file * 9.1.0880: filetype: C3 files are not recognized * runtime(doc): add helptag for :HelpToc command * 9.1.0879: source is not consistently formatted * Add clang-format config file * runtime(compiler): fix escaping of arguments passed to :CompilerSet * 9.1.0878: termdebug: cannot enable DEBUG mode * 9.1.0877: tests: missing test for termdebug + decimal signs * 9.1.0876: filetype: openCL files are not recognized * 9.1.0875: filetype: hyprlang detection can be improved * 9.1.0874: filetype: karel files are not detected * 9.1.0873: filetype: Vivado files are not recognized * 9.1.0872: No test for W23 message * 9.1.0871: getcellpixels() can be further improved * 9.1.0870: too many strlen() calls in eval.c * 9.1.0869: Problem: curswant not set on gm in folded line * 9.1.0868: the warning about missing clipboard can be improved * runtime(doc): Makefile does not clean up all temporary files * 9.1.0867: ins_compl_add() has too many args * editorconfig: don't trim trailing 
whitespaces in runtime/doc * translation(am): Remove duplicate keys in desktop files * runtime(doc): update helptags * runtime(filetype): remove duplicated *.org file pattern * runtime(cfg): only consider leading // as starting a comment * 9.1.0866: filetype: LLVM IR files are not recognized * 9.1.0865: filetype: org files are not recognized * 9.1.0864: message history is fixed to 200 * 9.1.0863: getcellpixels() can be further improved * runtime(sh): better function support for bash/zsh in indent script * runtime(netrw): small fixes to netrw#BrowseX * 9.1.0862: 'wildmenu' not enabled by default in nocp mode * runtime(doc): update how to report issues for mac Vim * runtime(doc): mention option-backslash at :h CompilerSet * runtime(compiler): include a Java Maven compiler plugin * runtime(racket): update Racket runtime files * runtime(doc): improve indentation in examples for netrw-handler * runtime(doc): improve examples for netrw-handler functions * runtime(idris2): include filetype,indent+syntax plugins for (L)Idris2 + ipkg * runtime(doc): clarify the use of filters and external commands * 9.1.0861: Vim9: no runtime check for object member access of any var * runtime(compiler): update pylint linter * 9.1.0860: tests: mouse_shape tests use hard code sleep value * 9.1.0859: several problems with the GLVS plugin * 9.1.0858: Coverity complains about dead code * runtime(tar): Update tar.vim to support permissions * 9.1.0857: xxd: --- is incorrectly recognized as end-of-options * 9.1.0851: too many strlen() calls in getchar.c * 9.1.0850: Vim9: cannot access nested object inside objects * runtime(tex): extra Number highlighting causes issues * runtime(vim): Fix indent after :silent! 
function * 9.1.0849: there are a few typos in the source * runtime(netrw): directory symlink not resolved in tree view * runtime(doc): add a table of supported Operating Systems * runtime(tex): update Last Change header in syntax script * runtime(doc): fix typo in g:termdebug_config * runtime(vim): Update base-syntax, improve :normal highlighting * runtime(tex): add Number highlighting to syntax file * runtime(doc): Tweak documentation style a bit * 9.1.0848: if_lua: v:false/v:true are not evaluated to boolean * runtime(dune): use :setl instead of :set in ftplugin * runtime(termdebug): allow to use decimal signs * translation(it): Updated Italian vimtutor * runtime(compiler): improve cppcheck * git: git-blame-ignore-revs shown as an error on Github * 9.1.0847: tests: test_popupwin fails because of updated help file * 9.1.0846: debug symbols for xxd are not cleaned in Makefile * runtime(structurizr): Update structurizr syntax * runtime(8th): updated 8th syntax * runtime(doc): Add pi_tutor.txt to help TOC * runtime(compiler): add mypy and ruff compiler; update pylint linter * runtime(netrw): fix several bugs in netrw tree listing * runtime(netrw): prevent polluting the search history * 9.1.0845: vimtutor shell script can be improved * 9.1.0844: if_python: no way to pass local vars to python * 9.1.0843: too many strlen() calls in undo.c * runtime(doc): update default value for fillchars option * runtime(compiler): fix typo in cppcheck compiler plugin * runtime(doc): simplify vimtutor manpage a bit more * runtime(matchparen): Add matchparen_disable_cursor_hl config option * 9.1.0842: not checking for the sync() systemcall * 9.1.0841: tests: still preferring python2 over python3 * 9.1.0840: filetype: idris2 files are not recognized * 9.1.0839: filetype: leo files are not recognized * runtime(cook): include cook filetype plugin * runtime(debversions): Update Debian versions * patch 9.1.0838: vimtutor is bash-specific * runtime(doc): add help specific modeline to 
pi_tutor.txt * Filelist: vimtutor chapter 2 is missing in Filelist * 9.1.0837: cross-compiling has some issues * runtime(vimtutor): Add a second chapter - update to 9.1.0836 * 9.1.0836: The vimtutor can be improved * 9.1.0835: :setglobal doesn't work properly for 'ffu' and 'tsrfu' * 9.1.0834: tests: 2html test fails * 9.1.0833: CI: recent ASAN changes do not work for indent tests * 9.1.0832: :set doesn't work for 'cot' and 'bkc' after :setlocal * runtime(doc): update help-toc description * runtime(2html): Make links use color scheme colors in TOhtml * 9.1.0831: 'findexpr' can't be used as lambad or Funcref * Filelist: include helptoc package * runtime(doc): include a TOC Vim9 plugin * Filelist: ignore .git-blame-ignore-revs * 9.1.0830: using wrong highlight group for spaces for popupmenu * runtime(typst): synchronize updates from the upstream typst.vim * git: ignore reformatting commit for git-blame (after v9.1.0829) * 9.1.0829: Vim source code uses a mix of tabs and spaces * 9.1.0828: string_T struct could be used more often * 9.1.0827: CI: tests can be improved * runtime(doc): remove stray sentence in pi_netrw.txt * 9.1.0826: filetype: sway files are not recognized * runtime(doc): Include netrw-gp in TOC * runtime(doc): mention 'iskeyword' at :h charclass() * runtime(doc): update help tags * 9.1.0825: compile error for non-diff builds * runtime(netrw): fix E874 when browsing remote directory which contains `~` character * runtime(doc): update coding style documentation * runtime(debversions): Add plucky (25.04) as Ubuntu release name * 9.1.0824: too many strlen() calls in register.c * 9.1.0823: filetype: Zephyr overlay files not recognized * runtime(doc): Clean up minor formatting issues for builtin functions * runtime(netrw): make :Launch/Open autoloadable * runtime(netrw): fix regression with x mapping on Cygwin * runtime(netrw): fix filetype detection for remote files * 9.1.0822: topline might be changed in diff mode unexpectedly * CI: huge linux builds should 
also run syntax & indent tests * 9.1.0821: 'findexpr' completion doesn't set v:fname to cmdline argument * 9.1.0820: tests: Mac OS tests are too flaky * runtime(awk): Highlight more awk comments in syntax script * runtime(netrw): add missing change for s:redir() * 9.1.0819: tests: using findexpr and imported func not tested * runtime(netrw): improve netrw's open-handling further * runtime(netrw): fix syntax error in netrwPlugin.vim * runtime(netrw): simplify gx file handling * 9.1.0818: some global functions are only used in single files * 9.1.0817: termdebug: cannot evaluate expr in a popup * runtime(defaults): Detect putty terminal and switch to dark background * 9.1.0816: tests: not clear what tests cause asan failures * runtime(doc): Remove some completed items from todo.txt * 9.1.0815: 'above' virtual text causes wrong 'colorcolumn' position * runtime(syntax-tests): tiny vim fails because of line-continuation * 9.1.0814: mapset() may remove unrelated mapping * 9.1.0813: no error handling with setglobal and number types * 9.1.0812: Coverity warns about dereferencing NULL ptr * 9.1.0811: :find expansion does not consider 'findexpr' * 9.1.0810: cannot easily adjust the |:find| command * 9.1.0809: filetype: petalinux config files not recognized * 9.1.0808: Terminal scrollback doesn't shrink when decreasing 'termwinscroll' * 9.1.0807: tests: having 'nolist' in modelines isn't always desired * 9.1.0806: tests: no error check when setting global 'briopt' * 9.1.0805: tests: minor issues in gen_opt_test.vim * 9.1.0804: tests: no error check when setting global 'cc' * 9.1.0803: tests: no error check when setting global 'isk' * 9.1.0802: tests: no error check when setting global 'fdm' to empty value * 9.1.0801: tests: no error check when setting global 'termwinkey' * 9.1.0800: tests: no error check when setting global 'termwinsize' * runtime(doc): :ownsyntax also resets 'spelloptions' * 9.1.0799: tests: gettwinvar()/gettabwinvar() tests are not comprehensive * 
runtime(doc): Fix wrong Mac default options * 9.1.0798: too many strlen() calls in cmdhist.c * 9.1.0797: testing of options can be further improved * 9.1.0796: filetype: libtool files are not recognized * (typst): add folding to typst ftplugin * runtime(netrw): deprecate and remove netrwFileHandlers#Invoke() * 9.1.0795: filetype: Vivado memory info file are not recognized * 9.1.0794: tests: tests may fail on Windows environment * runtime(doc): improve the :colorscheme documentation * 9.1.0793: xxd: -e does add one extra space * 9.1.0792: tests: Test_set_values() is not comprehensive enough * runtime(swayconfig): add flag for bindsym/bindcode to syntax script * 9.1.0791: tests: errors in gen_opt_test.vim are not shown * runtime(compiler): check for compile_commands in build dirs for cppcheck * 9.1.0790: Amiga: AmigaOS4 build should use default runtime (newlib) * runtime(help): Update help syntax * runtime(help): fix end of sentence highlight in code examples * runtime(jinja): Support jinja syntax as secondary filetype * 9.1.0789: tests: ':resize + 5' has invalid space after '+' * 9.1.0788: 27;u is not decoded to literal Escape in kitty/foot * 9.1.0787: cursor position changed when using hidden terminal * 9.1.0786: tests: quickfix update test does not test location list * runtime(doc): add some docs for file-watcher programs * CI: uploading failed screendumps still fails on Cirrus CI * 9.1.0785: cannot preserve error position when setting quickfix list * 9.1.0784: there are several problems with python 3.13 * 9.1.0783: 'spell' option setting has problems * 9.1.0782: tests: using wrong neomuttlog file name * runtime(doc): add preview flag to statusline example * 9.1.0781: tests: test_filetype fails * 9.1.0780: MS-Windows: incorrect Win32 error checking * 9.1.0779: filetype: neomuttlog files are not recognized * 9.1.0778: filetype: lf config files are not recognized * runtime(comment): fix commment toggle with mixed tabs & spaces * runtime(misc): Use consistent 'Vim 
script' spelling * runtime(gleam): add ftplugin for gleam files * runtime(doc): link help-writing from write-local-help * 9.1.0777: filetype: Some upstream php files are not recognized * runtime(java): Define javaBlockStart and javaBlockOtherStart hl groups * runtime(doc): mention conversion rules for remote_expr() * runtime(tutor): Fix missing :s command in spanish translation section 4.4 * 9.1.0776: test_strftime may fail because of missing TZ data * translation(am): Add Armenian language translation * 9.1.0775: tests: not enough tests for setting options * 9.1.0774: 'shellcmdline' doesn't work with getcompletion() * 9.1.0773: filetype: some Apache files are not recognized * 9.1.0772: some missing changes from v9.1.0771 * 9.1.0771: completion attribute hl_group is confusing * 9.1.0770: current command line completion is a bit limited * 9.1.0769: filetype: MLIR files are not recognized * 9.1.0768: MS-Windows: incorrect cursor position when restoring screen * runtime(nasm): Update nasm syntax script * 9.1.0767: A condition is always true in ex_getln.c * runtime(skill): Update syntax file to fix string escapes * runtime(help): highlight CTRL- correctly * runtime(doc): add missing usr_52 entry to toc * 9.1.0766: too many strlen() calls in ex_getln.c * runtime(doc): correct `vi` registers 1-9 documentation error * 9.1.0765: No test for patches 6.2.418 and 7.3.489 * runtime(spec): set comments and commentstring options * NSIS: Include libgcc_s_sjlj-1.dll again * runtime(doc): clarify the effect of 'startofline' option * 9.1.0764: [security]: use-after-free when closing a buffer * runtime(vim): Update base-syntax file, improve class, enum and interface highlighting * 9.1.0763: tests: cannot run single syntax tests * 9.1.0762: 'cedit', 'termwinkey' and 'wildchar' may not be parsed correctly * 9.1.0761: :cd completion fails on Windows with backslash in path * 9.1.0760: tests: no error reported, if gen_opt_test.vim fails * 9.1.0759: screenpos() may return invalid position 
* runtime(misc): unset compiler in various ftplugins * runtime(doc): update formatting and syntax * runtime(compiler): add cppcheck linter compiler plugin * runtime(doc): Fix style in documents * runtime(doc): Fix to two-space convention in user manual * runtime(comment): consider &tabstop in lines after whitespace indent * 9.1.0758: it's possible to set an invalid key to 'wildcharm' * runtime(java): Manage circularity for every :syn-included syntax file * 9.1.0757: tests: messages files contains ANSI escape sequences * 9.1.0756: missing change from patch v9.1.0754 * 9.1.0755: quickfix list does not handle hardlinks well * runtime(doc): 'filetype', 'syntax' and 'keymap' only allow alphanumeric + some characters * runtime(systemd): small fixes to &keywordprg in ftplugin * CI: macos-12 runner is being sunset, switch to 13 * 9.1.0754: fixed order of items in insert-mode completion menu * runtime(comment): commenting might be off by one column * 9.1.0753: Wrong display when typing in diff mode with 'smoothscroll' * 9.1.0752: can set 'cedit' to an invalid value * runtime(doc): add `usr` tag to usr_toc.txt * 9.1.0751: Error callback for term_start() not used * 9.1.0750: there are some Win9x legacy references * runtime(java): Recognise the CommonMark form (///) of Javadoc comments * 9.1.0749: filetype: http files not recognized * runtime(comment): fix syntax error * CI: uploading failed screendump tests does not work Cirrus * 9.1.0748: :keep* commands are sometimes misidentified as :k * runtime(indent): allow matching negative numbers for gnu indent config file * runtime(comment): add gC mapping to (un)comment rest of line * 9.1.0747: various typos in repo found * 9.1.0746: tests: Test_halfpage_longline() fails on large terminals * runtime(doc): reformat gnat example * runtime(doc): reformat ada_standard_types section * 9.1.0745: filetype: bun and deno history files not recognized * runtime(glvs): Correct the tag name of glvs-autoinstal * runtime(doc): include short form
for :earlier/:later * runtime(doc): remove completed TODO * 9.1.0744: filetype: notmuch configs are not recognised * 9.1.0743: diff mode does not handle overlapping diffs correctly * runtime(glvs): fix a few issues * runtime(doc): Fix typo in :help :command-modifiers * 9.1.0742: getcmdprompt() implementation can be improved * runtime(docs): update `:set?` command behavior table * runtime(doc): update vim90 to vim91 in docs * runtime(doc): fix typo in :h dos-colors * 9.1.0741: No way to get prompt for input()/confirm() * runtime(doc): fix typo in version9.txt nrformat -> nrformats * runtime(rmd,rrst): 'fex' option not properly restored * runtime(netrw): remove extraneous closing bracket * 9.1.0740: incorrect internal diff with empty file * 9.1.0739: [security]: use-after-free in ex_getln.c * runtime(filetype): tests: Test_filetype_detection() fails * runtime(dist): do not output a message if executable is not found * 9.1.0738: filetype: rapid files are not recognized * runtime(modconf): remove erroneous :endif in ftplugin * runtime(lyrics): support multiple timestamps in syntax script * runtime(java): Optionally recognise _module_ import declarations * runtime(vim): Update base-syntax, improve folding function matches * CI: upload failed screendump tests also for Cirrus * 9.1.0737: tests: screendump tests may require a bit more time * runtime(misc): simplify keywordprg in various ftplugins * runtime(java): Optionally recognise all primitive constants in _switch-case_ labels * runtime(zsh,sh): set and unset compiler in ftplugin * runtime(netrw): using inefficient highlight pattern for 'mf' * 9.1.0736: Unicode tables are outdated * 9.1.0735: filetype: salt files are not recognized * 9.1.0734: filetype: jinja files are not recognized * runtime(zathurarc): add double-click-follow to syntax script * translation(ru): Updated messages translation * translation(it): updated xxd man page * translation(ru): updated xxd man page * 9.1.0733: keyword completion does not work 
with fuzzy * 9.1.0732: xxd: cannot use -b and -i together * runtime(java): Highlight javaConceptKind modifiers with StorageClass * runtime(doc): reword and reformat how to use defaults.vim * 9.1.0731: inconsistent case sensitive extension matching * runtime(vim): Update base-syntax, match Vim9 bool/null literal args to :if/:while/:return * runtime(netrw): delete confirmation not strict enough * 9.1.0730: Crash with cursor-screenline and narrow window * 9.1.0729: Wrong cursor-screenline when resizing window * 9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data * runtime(doc): clarify the effect of the timeout for search()-functions * runtime(idlang): update syntax script * runtime(spec): Recognize epoch when making spec changelog in ftplugin * runtime(spec): add file triggers to syntax script * 9.1.0727: too many strlen() calls in option.c * runtime(make): add compiler/make.vim to reset compiler plugin settings * runtime(java): Recognise all available standard doclet tags * 9.1.0726: not using correct python3 API with dynamic linking * runtime(dosini): Update syntax script, spellcheck comments only * runtime(doc): Revert outdated comment in completeopt's fuzzy documentation * 9.1.0725: filetype: swiftinterface files are not recognized * runtime(pandoc): Update compiler plugin to use actual 'spelllang' * runtime(groff): Add compiler plugin for groff * 9.1.0724: if_python: link error with python 3.13 and stable ABI * 9.1.0723: if_python: dynamic linking fails with python3 >= 3.13 * 9.1.0722: crash with large id in text_prop interface * 9.1.0721: tests: test_mksession does not consider XDG_CONFIG_HOME * runtime(glvs): update GetLatestVimScripts plugin * runtime(doc): Fix typo in :help :hide text * runtime(doc): buffers can be re-used * 9.1.0720: Wrong breakindentopt=list:-1 with multibyte or TABs * 9.1.0719: Resetting cell widths can make 'listchars' or 'fillchars' invalid * runtime(doc): Update version9.txt and mention 
$MYVIMDIR - Update to 9.1.0718: * v9.1.0718: hard to know the users personal Vim Runtime Directory * v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers() Maintainers: fix typo in author name * v9.1.0716: resetting setcellwidth() doesn't update the screen runtime(hcl,terraform): Add runtime files for HCL and Terraform runtime(tmux): Update syntax script * v9.1.0715: Not correctly parsing color names (after v9.1.0709) * v9.1.0714: GuiEnter_Turkish test may fail * v9.1.0713: Newline causes E749 in Ex mode * v9.1.0712: missing dependency of Test_gettext_makefile * v9.1.0711: test_xxd may fail when using different xxd * v9.1.0710: popup window may hide part of Command line runtime(vim): Update syntax, improve user-command matching * v9.1.0709: GUIEnter event not found in Turkish locale runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items * v9.1.0708: Recursive window update does not account for reset skipcol runtime(nu): include filetype plugin * v9.1.0707: invalid cursor position may cause a crash * v9.1.0706: test_gettext fails when using shadow dir CI: Install locales-all package * v9.1.0705: Sorting of fuzzy filename completion is not stable translation(pt): update Portuguese/Brazilian menu translation runtime(vim): Update base-syntax, match bracket mark ranges runtime(doc): Update :help :command-complete list * v9.1.0704: inserting with a count is inefficient runtime(doc): use mkdir -p to save a command * v9.1.0703: crash with 2byte encoding and glob2regpat() runtime(hollywood): update syn highlight for If-Then statements and For-In-Loops * v9.1.0702: Patch 9.1.0700 broke CI * v9.1.0701: crash with NFA regex engine when searching for composing chars * v9.1.0700: crash with 2byte encoding and glob2regpat() * v9.1.0699: 'dvgo' is not always an inclusive motion runtime(java): Provide support for syntax preview features * v9.1.0698: 'Untitled' file not removed when running Test_crash1_3 alone * v9.1.0697: heap-buffer-overflow in
ins_typebuf * v9.1.0696: installing runtime files fails when using SHADOWDIR runtime(doc): fix typo * v9.1.0695: test_crash leaves Untitled file around translation(br): Update Brazilian translation translation(pt): Update menu_pt_br * v9.1.0694: matchparen is slow on a long line * v9.1.0693: Configure doesn't show result when not using python3 stable abi * v9.1.0692: Wrong patlen value in ex_substitute() * v9.1.0691: stable-abi may cause segfault on Python 3.11 runtime(vim): Update base-syntax, match :loadkeymap after colon and bar runtime(mane): Improve ManBS mapping * v9.1.0690: cannot set special highlight kind in popupmenu translation(pt): Revert and fix wrong Portuguese menu translation files translation(pt): revert Portuguese menu translation translation(br): Update Brazilian translations runtime(vim): Update base-syntax, improve :let-heredoc highlighting * v9.1.0689: buffer-overflow in do_search() with 'rightleft' runtime(vim): Improve heredoc handling for all embedded scripts * v9.1.0688: dereferences NULL pointer in check_type_is_value() * v9.1.0687: Makefile may not install desktop files runtime(man): Fix ManBS runtime(java): Make the bundled &foldtext function optional runtime(netrw): Change line on `mx` if command output exists runtime(netrw): Fix `mf`-selected entry highlighting runtime(htmlangular): add html syntax highlighting translation(it): Fix filemode of Italian manpages runtime(doc): Update outdated man.vim plugin information runtime(zip): simplify condition to detect MS-Windows * v9.1.0686: zip-plugin has problems with special characters runtime(pandoc): escape quotes in &errorformat for pandoc translation(it): updated Italian manpage * v9.1.0685: too many strlen() calls in usercmd.c runtime(doc): fix grammar in :h :keeppatterns runtime(pandoc): refine pandoc compiler settings * v9.1.0684: completion is inserted on Enter with 'noselect' translation(ru): update man pages * v9.1.0683: mode() returns wrong value with mapping runtime(doc): remove
trailing whitespace in cmdline.txt * v9.1.0682: Segfault with uninitialized funcref * v9.1.0681: Analyzing failed screendumps is hard runtime(doc): more clarification for the :keeppatterns needed * v9.1.0680: VMS does not have defined uintptr_t runtime(doc): improve typedchar documentation for KeyInputPre autocmd runtime(dist): verify that executable is in $PATH translation(it): update Italian manpages runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677 runtime(doc): update Makefile and make it portable between GNU and BSD * v9.1.0679: Rename from w_closing to w_locked is incomplete runtime(colors): update colorschemes runtime(vim): Update base-syntax, improve :let-heredoc highlighting runtime(doc): Updating the examples in the xxd manpage translation(ru): Updated uganda.rux runtime(yaml): do not re-indent when commenting out lines * v9.1.0678: use-after-free in alist_add() * v9.1.0677 :keepp does not retain the substitute pattern translation(ja): Update Japanese translations to latest release runtime(netrw): Drop committed trace lines runtime(netrw): Error popup not always used runtime(netrw): ErrorMsg() may throw E121 runtime(tutor): update Makefile and make it portable between GNU and BSD translation: improve the po/cleanup.vim script runtime(lang): update Makefile and make it portable between GNU and BSD * v9.1.0676: style issues with man pages * v9.1.0675: Patch v9.1.0674 causes problems runtime(dosbatch): Show %%i as an argument in syntax file runtime(dosbatch): Add syn-sync to syntax file runtime(sql, mysql): fix E169: Command too recursive with sql_type_default = 'mysql' * v9.1.0674: compiling abstract method fails because of missing return runtime(javascript): fix a few issues with syntax highlighting runtime(mediawiki): fix typo in doc, test for b:did_ftplugin var runtime(termdebug): Fix wrong test for balloon feature runtime(doc): Remove mentioning of the voting feature runtime(doc): add help tags for json + markdown global variables *
v9.1.0673: too recursive func calls when calling super-class method runtime(syntax-tests): Facilitate the viewing of rendered screendumps runtime(doc): fix a few style issues * v9.1.0672: marker folds may get corrupted on undo * v9.1.0671 Problem: crash with WinNewPre autocommand * v9.1.0670: po file encoding fails on *BSD during make translation(it): Update Italian translation translation: Stop using msgconv * v9.1.0669: stable python ABI not used by default Update .gitignore and .hgignore files * v9.1.0668: build-error with python3.12 and stable ABI translations: Update generated po files * v9.1.0667: Some other options reset curswant unnecessarily when set * v9.1.0666: assert_equal() doesn't show multibyte string correctly runtime(doc): clarify directory of Vim's executable vs CWD * v9.1.0665 :for loop runtime(proto): Add indent script for protobuf filetype * v9.1.0664: console vim did not switch back to main screen on exit runtime(zip): zip plugin does not work with Vim 9.0 * v9.1.0663: zip test still resets 'shellslash' option runtime(zip): use defer to restore old settings runtime(zip): add a generic Message function runtime(zip): increment base version of zip plugin runtime(zip): raise minimum Vim version to * v9.0 runtime(zip): refactor save and restore of options runtime(zip): remove test for fnameescape runtime(zip): use :echomsg instead of :echo runtime(zip): clean up and remove comments * v9.1.0662: filecopy() may return wrong value when readlink() fails * v9.1.0661: the zip plugin is not tested.
runtime(zip): Fix for FreeBSD's unzip command runtime(doc): capitalize correctly * v9.1.0660: Shift-Insert does work on old conhost translation(it): update Italian manpage runtime(lua): add/subtract a 'shiftwidth' after '('/')' in indentexpr runtime(zip): escape '[' on Unix as well * v9.1.0659: MSVC Makefile is a bit hard to read runtime(doc): fix typo in syntax.txt runtime(doc): -x is only available when compiled with crypt feature * v9.1.0658: Coverity warns about dereferencing NULL pointer. runtime(colors): update Todo highlight in habamax colorscheme * v9.1.0657: MSVC build time can be optimized * v9.1.0656: MSVC Makefile CPU handling can be improved * v9.1.0655: goaccess config file not recognized CI: update clang compiler to version 20 runtime(netrw): honor `g:netrw_alt{o,v}` for `:{S,H,V}explore` * v9.1.0654: completion does not respect completeslash with fuzzy * v9.1.0653: Patch v9.1.0648 not completely right * v9.1.0652: too many strlen() calls in syntax.c * v9.1.0651 :append * v9.1.0650: Coverity warning in cstrncmp() * v9.1.0649: Wrong comment for 'len' argument of call_simple_func() * v9.1.0648: [security] double-free in dialog_changed() * v9.1.0647: [security] use-after-free in tagstack_clear_entry runtime(doc): re-format tag example lines, mention ctags --list-kinds * v9.1.0646: imported function may not be found runtime(java): Document 'g:java_space_errors' and 'g:java_comment_strings' runtime(java): Cluster optional group definitions and their group links runtime(java): Tidy up the syntax file runtime(java): Tidy up the documentation for 'ft-java-syntax' runtime(colors): update habamax scheme - tweak diff/search/todo colors runtime(nohlsearch): add missing loaded_hlsearch guard runtime(kivy): Updated maintainer info for syntax script Maintainers: Add maintainer for ondir ftplugin + syntax files runtime(netrw): removing trailing slash when copying files in same directory * v9.1.0645: wrong match when searching multi-byte char case-insensitive
runtime(html): update syntax script to sync by 250 minlines by default * v9.1.0644: Unnecessary STRLEN() when applying mapping runtime(zip): Opening a remote zipfile doesn't work runtime(cuda): source c and cpp ftplugins * v9.1.0643: cursor may end up on invalid position * v9.1.0642: Check that mapping rhs starts with lhs fails if not simplified * v9.1.0641: OLE enabled in console version runtime(thrift): add ftplugin, indent and syntax scripts * v9.1.0640: Makefile can be improved * v9.1.0639: channel timeout may wrap around * v9.1.0638: E1510 may happen when formatting a message for smsg() * v9.1.0637: Style issues in MSVC Makefile - Update apparmor.vim to latest version (from AppArmor 4.0.2) - add support for 'all' and 'userns' rules, and new profile flags - Update to 9.1.0636: * 9.1.0636: filetype: ziggy files are not recognized * 9.1.0635: filetype: SuperHTML template files not recognized * 9.1.0634: Ctrl-P not working by default * 9.1.0633: Compilation warnings with `-Wunused-parameter` * 9.1.0632: MS-Windows: Compiler Warnings Add support for Files-Included in syntax script tweak documentation style a bit * 9.1.0631: wrong completion list displayed with non-existing dir + fuzzy completion * 9.1.0630: MS-Windows: build fails with VIMDLL and mzscheme * 9.1.0629: Rename of pum hl_group is incomplete * 9.1.0628: MinGW: coverage files are not cleaned up * 9.1.0627: MinGW: build-error when COVERAGE is enabled * 9.1.0626: Vim9: need more tests with null objects include initial filetype plugin * 9.1.0625: tests: test output all translated messages for all translations * 9.1.0624: ex command modifiers not found * 9.1.0623: Mingw: errors when trying to delete non-existing files * 9.1.0622: MS-Windows: mingw-build can be optimized * 9.1.0621: MS-Windows: startup code can be improved * 9.1.0620: Vim9: segfaults with null objects * 9.1.0619: tests: test_popup fails * 9.1.0618: cannot mark deprecated attributes in completion menu * 9.1.0617: Cursor moves beyond first line of
folded end of buffer * 9.1.0616: filetype: Make syntax highlighting off for MS Makefiles * 9.1.0615: Unnecessary STRLEN() in make_percent_swname() Add single-line comment syntax Add syntax test for comments Update maintainer info * 9.1.0614: tests: screendump tests fail due to recent syntax changes * 9.1.0613: tests: termdebug test may fail and leave file around Update base-syntax, improve :set highlighting Optionally highlight the :: token for method references * 9.1.0612: filetype: deno.lock file not recognized Use delete() for deleting directory escape filename before trying to delete it * 9.1.0611: ambiguous mappings not correctly resolved with modifyOtherKeys correctly extract file from zip browser * 9.1.0610: filetype: OpenGL Shading Language files are not detected Fix endless recursion in netrw#Explore() * 9.1.0609: outdated comments in Makefile update syntax script Fix flow mapping key detection Remove orphaned YAML syntax dump files * 9.1.0608: Coverity warns about a few potential issues Update syntax script and remove syn sync * 9.1.0607: termdebug: uses inconsistent style * 9.1.0606: tests: generated files may cause failure in test_codestyle * 9.1.0605: internal error with fuzzy completion * 9.1.0604: popup_filter during Press Enter prompt seems to hang translation: Update Serbian messages translation * 9.1.0603: filetype: use correct extension for Dracula * 9.1.0602: filetype: Prolog detection can be improved fix more inconsistencies in assert function docs * 9.1.0601: Wrong cursor position with 'breakindent' when wide char doesn't fit Update base-syntax, improve :map highlighting * 9.1.0600: Unused function and unused error constants * 9.1.0599: Termdebug: still get E1023 when specifying arguments correct wrong comment options fix typo 'a xterm' -> 'an xterm' * 9.1.0598: fuzzy completion does not work with default completion * 9.1.0597: KeyInputPre cannot get the (unmapped typed) key * 9.1.0596: filetype: devscripts config files are not recognized gdb 
file/folder check is now performed only in CWD. quote filename arguments using double quotes update syntax to SDC-standard 2.1 minor updates. Cleanup :match and :loadkeymap syntax test files Update base-syntax, match types in Vim9 variable declarations * 9.1.0595: make errors out with the po Makefile * 9.1.0594: Unnecessary redraw when setting 'winfixbuf' using wrong highlight for UTF-8 include simple syntax plugin * 9.1.0593: filetype: Asymptote files are not recognized add recommended indent options to ftplugin add recommended indent options to ftplugin add recommended indent options to ftplugin * 9.1.0592: filetype: Mediawiki files are not recognized * 9.1.0591: filetype: *.wl files are not recognized * 9.1.0590: Vim9: crash when accessing getregionpos() return value 'cpoptions': Include 'z' in the documented default * 9.1.0589: vi: d{motion} and cw work differently than expected update included colorschemes grammar fixes in options.txt - Update to 9.1.0588: * 9.1.0588: The maze program no longer compiles on newer clang runtime(typst): Add typst runtime files * 9.1.0587: tests: Test_gui_lowlevel_keyevent is still flaky * 9.1.0586: ocaml runtime files are outdated runtime(termdebug): fix a few issues * 9.1.0585: tests: test_cpoptions leaves swapfiles around * 9.1.0584: Warning about redeclaring f_id() non-static runtime(doc): Add hint how to load termdebug from vimrc runtime(doc): document global insert behavior * 9.1.0583: filetype: *.pdf_tex files are not recognized * 9.1.0582: Printed line doesn't overwrite colon when pressing Enter in Ex mode * 9.1.0581: Various lines are indented inconsistently * 9.1.0580: :lmap mapping for keypad key not applied when typed in Select mode * 9.1.0579: Ex command is still executed after giving E1247 * 9.1.0578: no tests for :Tohtml * 9.1.0577: Unnecessary checks for v:sizeoflong in test_put.vim * 9.1.0576: tests: still an issue with test_gettext_make * 9.1.0575: Wrong comments in alt_tabpage() * 9.1.0574: ex: wrong handling of 
commands after bar runtime(doc): add a note for netrw bug reports * 9.1.0573: ex: no implicit print for single addresses runtime(vim): make &indentexpr available from the outside * 9.1.0572: cannot specify tab page closing behaviour runtime(doc): remove obsolete Ex insert behavior * 9.1.0571: tests: Test_gui_lowlevel_keyevent is flaky runtime(logindefs): update syntax with new keywords * 9.1.0570: tests: test_gettext_make can be improved runtime(filetype): Fix Prolog file detection regex * 9.1.0569: fnamemodify() treats '..' and '../' differently runtime(mojo): include mojo ftplugin and indent script * 9.1.0568: Cannot expand paths from 'cdpath' setting * 9.1.0567: Cannot use relative paths as findfile() stop directories * 9.1.0566: Stop dir in findfile() doesn't work properly w/o trailing slash * 9.1.0565: Stop directory doesn't work properly in 'tags' * 9.1.0564: id() can be faster * 9.1.0563: Cannot process any Key event * 9.1.0562: tests: inconsistency in test_findfile.vim runtime(fstab): Add missing keywords to fstab syntax * 9.1.0561: netbeans: variable used un-initialized (Coverity) * 9.1.0560: bindtextdomain() does not indicate an error * 9.1.0559: translation of vim scripts can be improved * 9.1.0558: filetype: prolog detection can be improved * 9.1.0557: moving in the buffer list doesn't work as documented runtime(doc): fix inconsistencies in :h file-searching * 9.1.0556: :bwipe doesn't remove file from jumplist of other tabpages runtime(htmlangular): correct comment * 9.1.0555: filetype: angular ft detection is still problematic * 9.1.0554: :bw leaves jumplist and tagstack data around * 9.1.0553: filetype: *.mcmeta files are not recognized * 9.1.0552: No test for antlr4 filetype * 9.1.0551: filetype: htmlangular files are not properly detected * 9.1.0550: filetype: antlr4 files are not recognized * 9.1.0549: fuzzycollect regex based completion not working as expected runtime(doc): autocmd_add() accepts a list not a dict * 9.1.0548: it's not possible to 
get a unique id for some vars runtime(tmux): Update syntax script * 9.1.0547: No way to get the arity of a Vim function * 9.1.0546: vim-tiny fails on CTRL-X/CTRL-A runtime(hlsplaylist): include hlsplaylist ftplugin file runtime(doc): fix typo in :h ft-csv-syntax runtime(doc): Correct shell command to get $VIMRUNTIME into shell * 9.1.0545: MSVC conversion warning * 9.1.0544: filetype: ldapconf files are not recognized runtime(cmakecache): include cmakecache ftplugin file runtime(lex): include lex ftplugin file runtime(yacc): include yacc ftplugin file runtime(squirrel): include squirrel ftplugin file runtime(objcpp): include objcpp ftplugin file runtime(tf): include tf ftplugin file runtime(mysql): include mysql ftplugin file runtime(javacc): include javacc ftplugin file runtime(cabal): include cabal ftplugin file runtime(cuda): include CUDA ftplugin file runtime(editorconfig): include editorconfig ftplugin file runtime(kivy): update kivy syntax, include ftplugin runtime(syntax-tests): Stop generating redundant '*_* 99.dump' files * 9.1.0543: Behavior of CursorMovedC is strange runtime(vim): Update base-syntax, improve :match command highlighting * 9.1.0542: Vim9: confusing string() output for object functions * 9.1.0541: failing test with Vim configured without channel * 9.1.0540: Unused assignment in sign_define_cmd() runtime(doc): add page-scrolling keys to index.txt runtime(doc): add reference to xterm-focus-event from FocusGained/Lost * 9.1.0539: Not enough tests for what v9.1.0535 fixed runtime(doc): clarify how to re-init csv syntax file * 9.1.0538: not possible to assign priority when defining a sign * 9.1.0537: signed number detection for CTRL-X/A can be improved * 9.1.0536: filetype: zone files are not recognized * 9.1.0535: newline escape wrong in ex mode runtime(man): honor cmd modifiers before `g:ft_man_open_mode` runtime(man): use `nnoremap` to map to Ex commands * 9.1.0534: completion wrong with fuzzy when cycling back to original 
runtime(syntax-tests): Abort and report failed cursor progress runtime(syntax-tests): Introduce self tests for screen dumping runtime(syntax-tests): Clear and redraw the ruler line with the shell info runtime(syntax-tests): Allow for folded and wrapped lines in syntax test files * 9.1.0533: Vim9: need more tests for nested objects equality CI: Pre-v* 9.0.0110 versions generate bogus documentation tag entries runtime(doc): Remove wrong help tag CTRL-SHIFT-CR * 9.1.0532: filetype: Cedar files not recognized runtime(doc): document further keys that scroll page up/down * 9.1.0531: resource leak in mch_get_random() runtime(tutor): Fix wrong spanish translation runtime(netrw): fix remaining case of register clobber * 9.1.0530: xxd: MSVC warning about non-ASCII character * 9.1.0529: silent! causes following try/catch to not work runtime(rust): use shiftwidth() in indent script * 9.1.0528: spell completion message still wrong in translations * 9.1.0527: inconsistent parameter in Makefiles for Vim executable * 9.1.0526: Unwanted cursor movement with pagescroll at start of buffer runtime(doc): mention $XDG_CONFIG_HOME instead of $HOME/.config * 9.1.0525: Right release selects immediately when pum is truncated. 
* 9.1.0524: the recursive parameter in the *_equal functions can be removed runtime(termdebug): Add Deprecation warnings * 9.1.0523: Vim9: cannot downcast an object * 9.1.0522: Vim9: string(object) hangs for recursive references * 9.1.0521: if_py: _PyObject_CallFunction_SizeT is dropped in Python 3.13 * 9.1.0520: Vim9: incorrect type checking for modifying lists runtime(manpager): avoid readonly prompt * 9.1.0519: MS-Windows: libvterm compilation can be optimized * 9.1.0518: initialize the random buffer can be improved * 9.1.0517: MS-Windows: too long lines in Make_mvc.mak runtime(terraform): Add filetype plugin for terraform runtime(dockerfile): enable spellchecking of comments in syntax script runtime(doc): rename variable for pandoc markdown support runtime(doc): In builtin overview use {buf} as param for appendbufline/setbufline runtime(doc): clarify, that register 1-* 9 will always be shifted runtime(netrw): save and restore register 0-* 9, a and unnamed runtime(termdebug): Refactored StartDebug_term and EndDebug functions runtime(java): Compose 'g:java_highlight_signature' and 'g:java_highlight_functions' * 9.1.0516: need more tests for nested dicts and list comparison * 9.1.0515: Vim9: segfault in object_equal() * 9.1.0514: Vim9: issue with comparing objects recursively runtime(termdebug): Change some variables to Enums runtime(vim): Update base-syntax, fix function tail comments * 9.1.0513: Vim9: segfault with object comparison - Update to 9.1.0512: * Mode message for spell completion doesn't match allowed keys * CursorMovedC triggered wrongly with setcmdpos() * update runtime files * CI: test_gettext fails on MacOS14 + MSVC Win * not possible to translate Vim script messages * termdebug plugin can be further improved * add gomod filetype plugin * hard to detect cursor movement in the command line * Optionally highlight parameterised types * filetype: .envrc & .prettierignore not recognized * filetype: Faust files are not recognized * inner-tag textobject
confused about '>' in attributes * cannot use fuzzy keyword completion * Remove the group exclusion list from @javaTop * wrong return type for execute() function * MS-Windows: too much legacy code * too complicated mapping restore in termdebug * simplify mapping * cannot switch buffer in a popup * MS-Windows: doesn't handle symlinks properly * getcmdcompltype() interferes with cmdline completion * termdebug can be further improved * update htmldjango detection * Improve Turkish documentation * include a simple csv filetype and syntax plugin * include the simple nohlsearch package * matched text is highlighted case-sensitively * Matched text isn't highlighted in cmdline pum * Fix typos in several documents * clarify when text properties are cleared * improve the vim-shebang example * revert unintended formatting changes for termdebug * Add a config variable for commonly used compiler options * Wrong matched text highlighted in pum with 'rightleft' * bump length of character references in syntax script * properly check mapping variables using null_dict * fix KdlIndent and kdlComment in indent script * Test for patch 9.1.0489 doesn't fail without the fix * Fold multi-line comments with the syntax kind of &fdm * using wrong type for PlaceSign() * filetype: Vim-script files not detected by shebang line * revert unintended change to zip#Write() * add another tag for vim-shebang feature * Cmdline pum doesn't work properly with 'rightleft' * minor style problems with patch 9.1.0487 * default completion may break with fuzzy * Wrong padding for pum 'kind' with 'rightleft' * Update base-syntax, match shebang lines * MS-Windows: handle files with spaces properly * Restore HTML syntax file tests * completed item not update on fuzzy completion * filetype: Snakemake files are not recognized * make TermDebugSendCommand() a global function again * close all buffers in the same way * Matched text shouldn't be highlighted in 'kind' and 'menu' * fix wrong helptag for :defer *
Update base-syntax, match :sleep arg * include Georgian keymap * Sorting of completeopt+=fuzzy is not stable * correctly test for windows in NetrwGlob() * glob() on windows fails with [] in directory name * rewrite mkdir() doc and simplify {flags} meaning * glob() not sufficiently tested * update return type for job_info() * termdebug plugin needs more love * correct return types for job_start() and job_status() * Update base-syntax, match :catch and :throw args * Include element values in non-marker annotations * Vim9: term_getjob() throws an exception on error * fuzzy string matching executed when not needed * fuzzy_match_str_with_pos() does unnecessary list operations * restore description of '$' in col() and virtcol() * deduplicate getpos(), line(), col(), virtcol() * Update g:vimsyn_comment_strings dump file tests * Use string interpolation instead of string concat * potential deref of NULL pointer in fuzzy_match_str_with_pos * block_editing errors out when using * Update base-syntax, configurable comment string highlighting * fix typos in syntax.txt * Cannot see matched text in popup menu * Update base-syntax, match multiline continued comments * clarify documentation for 'v' position at line() * cmod_split modifier is always reset in term_start() * remove line-continuation characters * use shiftwidth() instead of &tabstop in indent script * Remove orphaned screen dump files * include syntax, indent and ftplugin files * CI: Test_ColonEight() fails on github runners * add missing Enabled field in syntax script * basic svelte ftplugin file * term_start() does not clear vertical modifier * fix mousemodel restoration by comparing against null_string * Added definitions of Vim scripts and plugins * Exclude lambda expressions from _when_ _switch-case_ label clauses * Fix saved_mousemodel check * Inconsistencies between functions for option flags * Crash when using autocmd_get() after removing event inside autocmd * Fix small style issues * add return type info for 
Vim function descriptions * Update Italian Vim manpage * disable the q mapping * Change 'cms' for C++ to '// %s' * fix type mismatch error * Fix wrong email address * convert termdebug plugin to Vim9 script - Update to 9.1.0470: * tests Test_ColonEight_MultiByte() fails sporadically * Cannot have buffer-local value for 'completeopt' * GvimExt does not consult HKEY_CURRENT_USER * typos in some comments * runtime(vim): Update base-syntax, allow whitespace before :substitute pattern * Missing comments for fuzzy completion * runtime(man): update Vim manpage * runtime(comment): clarify the usage of 'commentstring' option value * runtime(doc): clarify how fuzzy 'completeopt' should work * runtime(netrw): prevent accidental data loss * missing filecopy() function * no whitespace padding in commentstring option in ftplugins * no fuzzy-matching support for insert-completion * eval5() and eval7 are too complex * too many strlen() calls in drawline.c * filetype lintstagedrc files are not recognized * Vim9 import autoload does not work with symlink * Coverity complains about division by zero * tests test_gui fails on Wayland * Left shift is incorrect with vartabstop and shiftwidth=0 * runtime(doc): clarify 'shortmess' flag 'S' * MS-Windows compiler warning for size_t to int conversion * runtime(doc): include some vim9 script examples in the help * minor issues in test_filetype with rasi test * filetype rasi files are not recognized * runtime(java): Improve the matching of lambda expressions * Configure checks for libelf unnecessarily * No test for escaping '<' with shellescape() * check.vim complains about overlong comment lines * translation(it): Update Italian translation * evalc. 
code too complex * MS-Windows Compiler warnings - Update to 9.1.0448: * compiler warning in eval.c * remove remaining css code * Add ft_hare.txt to Reference Manual TOC * re-generate vim syntax from generator * fix syntax vim bug * completion may be wrong when deleting all chars * getregionpos() inconsistent for partly-selected multibyte char * fix highlighting nested and escaped quotes in string props * remove the indent plugin since it has too many issues * update Debian runtime files * Coverity warning after 9.1.0440 * Not enough tests for getregion() with multibyte chars * Can't use blockwise selection with width for getregion() * update outdated syntax files * fix floating_modifier highlight * hare runtime files outdated * getregionpos() can't properly indicate positions beyond eol * function get_lval() is too long * Cannot filter the history * Wrong Ex command executed when :g uses '?' as delimiter * support floating_modifier none; revert broken highlighting * Motif requires non-const char pointer for XPM data * Crash when using '?' 
as separator for :s * filetype: cygport files are not recognized * make errors trying to access autoload/zig * Wrong yanking with exclusive selection and ve=all * add missing help tags file * Ancient XPM preprocessor hack may cause build errors * include basic rescript ftplugin file * eval.c is too long * getregionpos() doesn't handle one char selection * check for gdb file/dir before using as buffer name * refactor zig ftplugin, remove auto format * Coverity complains about eval.c refactor * Tag guessing leaves wrong search history with very short names * some issues with termdebug mapping test * update matchit plugin to v1.20 * too many strlen() calls in search.c * set commentstring option * update vb indent plugin as vim9script * filetype: purescript files are not recognized * filetype: slint files are not recognized * basic nim ftplugin file for comments * Add Arduino ftplugin and indent files * include basic typst ftplugin file * include basic prisma ftplugin file * include basic v ftplugin for comment support * getregionpos() wrong with blockwise mode and multibyte * function echo_string_core() is too long * hyprlang files are not recognized * add basic dart ftplugin file * basic ftplugin file for graphql * mention comment plugin at :h 'commentstring' * set commentstring for sql files in ftplugin * :browse oldfiles prompts even with single entry * eval.c not sufficiently tested * clarify why E195 is returned * clarify temporary file clean up * fix :NoMatchParen not working * Cannot move to previous/next rare word * add basic ftplugin file for sshdconfig * if_py: find_module has been removed in Python 3.12.0a7 * some screen dump tests can be improved * Some functions are not tested * clarify instal instructions for comment package * Unable to leave long line with 'smoothscroll' and 'scrolloff' * fix typo in vim9script help file * Remove trailing spaces * clarify {special} argument for shellescape() update to 9.1.0413: * smoothscroll may cause infinite loop * 
add missing entries for the keys CTRL-W g and * update vi_diff.txt: add default value for 'flash' * typo in regexp_bt.c in DEBUG code * allow indented commands * Fix wrong define regex in ftplugin * Filter out non-Latin-1 characters for syntax tests * prefer scp over pscp * fix typo in usr_52.txt * too long functions in eval.c * warning about uninitialized variable * too many strlen() calls in the regexp engine * E16 fix, async keyword support for define * Stuck with long line and half-page scrolling * Divide by zero with getmousepos() and 'smoothscroll' * update and remove some invalid links * update translation of xxd manpage * Recursively delete directories by default with netrw delete command * Strive to remain compatible for at least Vim 7.0 * tests: xxd buffer overflow fails on 32-bit * Stop handpicking syntax groups for @javaTop * [security] xxd: buffer-overflow with specific flags * Vim9: not able to import file from start dir * filetype: mdd files detected as zsh filetype * filetype: zsh module files are not recognized * Remove hardcoded private.ppk logic from netrw * Vim9: confusing error message for unknown type * block_editing errors out when using del * add new items to scripts section in syntax plugin * Vim9: imported vars are not properly type checked * Wrong display with 'smoothscroll' when changing quickfix list * filetype: jj files are not recognized * getregionpos() may leak memory on error * The CODEOWNERS File is not useful * Remove and cleanup Win9x legacy from netrw * add MsgArea to 'highlight' option description * Cannot get a list of positions describing a region * Fix digit separator in syntax script for octals and floats * Update link to Wikipedia Vi page * clear $MANPAGER in ftplugin before shelling out * Fix typos in help documents * 'viewdir' not respecting $XDG_CONFIG_HOME * tests: Vim9 debug tests may be flaky * correct getscriptinfo() example * Vim9: could improve testing * test_sound fails on macos-12 * update Serbian menu * update 
Slovak menu * update Slovenian menu * update Portuguese menu * update Dutch menu * update Korean menu * update Icelandic menu * update Czech menu * update Afrikaans menu * update German menu * filetype: inko files are not recognized * filetype: templ files are not recognized * cursor() and getregion() don't handle v:maxcol well * Vim9: null value tests not sufficient * update Catalan menu * filetype: stylus files not recognized * update spanish menu localization * regenerate helptags * Vim9: crash with null_class and null_object * Add tags about lazyloading of menu * tests: vt420 terminfo entry may not be found * filetype: .out files recognized as tex files * filetype: Kbuild files are not recognized * cbuffer and similar commands don't accept a range * Improve the recognition of the 'indent' method declarations * Fix a typo in usr_30.txt * remove undefined var s:save_cpoptions and add include setting * missing setlocal in indent plugin * Calculating line height for unnecessary amount of lines * improve syntax file performance * There are a few typos * Vim9: no comments allowed after class vars * CI: remove trailing white space in documentation * Formatting text wrong when 'breakindent' is set * Add oracular (24.10) as Ubuntu release name * Vim9: Trailing commands after class/enum keywords ignored * tests: 1-second delay after Test_BufEnter_botline() * update helptags for jq syntax * include syntax, ftplugin and compiler plugin * fix typo synconcealend -> synconcealed * include a simple comment toggling plugin * wrong botline in BufEnter * clarify syntax vs matching mechanism * fix undefined variable in indent plugin * ops.c code uses too many strlen() calls * Calling CLEAR_FIELD() on the same struct twice * Vim9: compile_def_function() still too long * Update Serbian messages * clarify the effect of setting the shell to powershell * Improve the recognition of the 'style' method declarations * Vim9: problem when importing autoloaded scripts * compile_def_function 
is too long * filetype: ondir files are not recognized * Crash when typing many keys with D- modifier * tests: test_vim9_builtin is a bit slow * update documentation * change the download URL of 'libsodium' * tests: test_winfixbuf is a bit slow * Add filetype, syntax and indent plugin for Astro * expanding rc config files does not work well * Vim9: vim9type.c is too complicated * Vim9: does not handle autoloaded variables well * minor spell fix in starting.txt * wrong drawing in GUI with setcellwidth() * Add include and suffixesadd * Page scrolling should place cursor at window boundaries * align command line table * minor fixes to starting.txt * fix comment definition in filetype plugin * filetype: flake.lock files are not recognized * runtime(uci): No support for uci file types * Support 'g:ftplugin_java_source_path' with archived files * tests: Test_autoload_import_relative_compiled fails on Windows * Finding cmd modifiers and cmdline-specials is inefficient * No test that completing a partial mapping clears 'showcmd' * tests: test_vim9_dissamble may fail * Vim9: need static type for typealias * X11 does not ignore smooth scroll event * A few typos in test_xdg when testing gvimrc * Patch v9.1.0338 fixed sourcing a script with import * Problem: gvimrc not sourced from XDG_CONFIG_HOME * Cursor wrong after using setcellwidth() in terminal * 'showcmd' wrong for partial mapping with multibyte * tests: test_taglist fails when 'helplang' contains non-english * Problem: a few memory leaks are found * Problem: Error with matchaddpos() and empty list * tests: xdg test uses screen dumps * Vim9: import through symlinks not correctly handled * Missing entry for XDG vimrc file in :version * tests: typo in test_xdg * runtime(i3config/swayconfig): update syntax scripts * document pandoc compiler and enable configuring arguments * String interpolation fails for List type * No test for highlight behavior with 'ambiwidth' * tests: test_xdg fails on the appimage repo * tests: some 
assert_equal() calls have wrong order of args * make install does not install all files * runtime(doc): fix typos in starting.txt - Updated to version 9.1 with patch level 0330, fixes the following problems * Fixing bsc#1220763 - vim gets Segmentation fault after updating to version 9.1.0111-150500.20.9.1 For the complete list of changes see https://github.com/vim/vim/compare/v9.1.0111...v9.1.0330 ----------------------------------------------------------------- Advisory ID: 218 Released: Tue Feb 25 14:27:13 2025 Summary: Security update for kernel-firmware Type: security Severity: important References: 1219458,1229069,1229272,1230007,1230596,1234027,CVE-2023-31315 This update for kernel-firmware fixes the following issues: - Update to version 20241128 (git commit ea71da6f0690): * i915: Update Xe2LPD DMC to v2.24 * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * iwlwifi: add Bz-gf FW for core89-91 release * amdgpu: update smu 13.0.10 firmware * amdgpu: update sdma 6.0.3 firmware * amdgpu: update psp 13.0.10 firmware * amdgpu: update gc 11.0.3 firmware * amdgpu: add smu 13.0.14 firmware * amdgpu: add sdma 4.4.5 firmware * amdgpu: add psp 13.0.14 firmware * amdgpu: add gc 9.4.4 firmware * amdgpu: update vcn 3.1.2 firmware * amdgpu: update psp 13.0.5 firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update psp 14.0.4 firmware * amdgpu: update gc 11.5.2 firmware * amdgpu: update vega10 firmware * amdgpu: update vcn 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update psp 13.0.0 firmware * amdgpu: update gc 11.0.0 firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update psp 13.0.11 firmware * amdgpu: update gc 11.0.4 firmware * amdgpu: update vcn 4.0.2 firmware * amdgpu: update psp 13.0.4 firmware * amdgpu: update gc 11.0.1 firmware * 
amdgpu: update sienna cichlid firmware * amdgpu: update vpe 6.1.1 firmware * amdgpu: update vcn 4.0.6 firmware * amdgpu: update psp 14.0.1 firmware * amdgpu: update gc 11.5.1 firmware * amdgpu: update vcn 4.0.5 firmware * amdgpu: update psp 14.0.0 firmware * amdgpu: update gc 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update arcturus firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update sdma 4.4.2 firmware * amdgpu: update psp 13.0.6 firmware * amdgpu: update gc 9.4.3 firmware * amdgpu: update vcn 4.0.4 firmware * amdgpu: update psp 13.0.7 firmware * amdgpu: update gc 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update aldebaran firmware - Update to version 20241125 (git commit 508d770ee6f3): * ice: update ice DDP wireless_edge package to 1.3.20.0 * ice: update ice DDP comms package to 1.3.52.0 * ice: update ice DDP package to ice-1.3.41.0 * amdgpu: update DMCUB to v9.0.10.0 for DCN314 * amdgpu: update DMCUB to v9.0.10.0 for DCN351 - Update to version 20241121 (git commit 48bb90cceb88): * linux-firmware: Update AMD cpu microcode * xe: Update GUC to v70.36.0 for BMG, LNL * i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL - Update to version 20241119 (git commit 60cdfe1831e8): * iwlwifi: add Bz-gf FW for core91-69 release - Update to version 20241113 (git commit 1727aceef4d2): * qcom: venus-5.4: add venus firmware file for qcs615 * qcom: update venus firmware file for SC7280 * QCA: Add 22 bluetooth firmware nvm files for QCA2066 - Update to version 20241112 (git commit c57a0a42468b): * mediatek MT7922: update bluetooth firmware to 20241106163512 * mediatek MT7921: update bluetooth firmware to 20241106151414 * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * qcom: Add QDU100 firmware image files. 
* qcom: Update aic100 firmware files * dedup-firmware.sh: fix infinite loop for --verbose * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x04D7_63F7 * cnm: update chips&media wave521c firmware. * mediatek MT7920: update bluetooth firmware to 20241104091246 * linux-firmware: update firmware for MT7920 WiFi device * copy-firmware.sh: Run check_whence.py only if in a git repo * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * amdgpu: update DMCUB to v9.0.10.0 for DCN351 * rtw89: 8852a: update fw to v0.13.36.2 * rtw88: Add firmware v52.14.0 for RTL8812AU * i915: Update Xe2LPD DMC to v2.23 * linux-firmware: update firmware for mediatek bluetooth chip (MT7925) * linux-firmware: update firmware for MT7925 WiFi device * WHENCE: Add sof-tolg for mt8195 * linux-firmware: Update firmware file for Intel BlazarI core * qcom: Add link for QCS6490 GPU firmware * qcom: update gpu firmwares for qcs615 chipset * cirrus: cs35l56: Update firmware for Cirrus Amps for some HP laptops * mediatek: Add sof-tolg for mt8195 - Update to version 20241029 (git commit 048795eef350): * ath11k: move WCN6750 firmware to the device-specific subdir * xe: Update LNL GSC to v104.0.0.1263 * i915: Update MTL/ARL GSC to v102.1.15.1926 - Update to version 20241028 (git commit 987607d681cb): * amdgpu: DMCUB updates for various AMDGPU ASICs * i915: Add Xe3LPD DMC * cnm: update chips&media wave521c firmware. 
* linux-firmware: Add firmware for Cirrus CS35L41 * linux-firmware: Update firmware file for Intel BlazarU core * Makefile: error out of 'install' if COPYOPTS is set - Update to version 20241018 (git commit 2f0464118f40): * check_whence.py: skip some validation if git ls-files fails * qcom: Add Audio firmware for X1E80100 CRD/QCPs * amdgpu: DMCUB updates forvarious AMDGPU ASICs * brcm: replace NVRAM for Jetson TX1 * rtlwifi: Update firmware for RTL8192FU to v7.3 * make: separate installation and de-duplication targets * check_whence.py: check the permissions * Remove execute bit from firmware files * configure: remove unused file * rtl_nic: add firmware rtl8125d-1 - Update to version 20241014 (git commit 99f9c7ed1f4a): * iwlwifi: add gl/Bz FW for core91-69 release * iwlwifi: update ty/So/Ma firmwares for core91-69 release * iwlwifi: update cc/Qu/QuZ firmwares for core91-69 release * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for a Lenovo Laptop * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for some ASUS laptops * cirrus: cs35l56: Add firmware for Cirrus Amps for some HP laptops * linux-firmware: update firmware for en8811h 2.5G ethernet phy * QCA: Add Bluetooth firmwares for WCN785x with UART transport - Update to version 20241011 (git commit 808cba847c70): * mtk_wed: add firmware for mt7988 Wireless Ethernet Dispatcher * ath12k: WCN7850 hw2.0: update board-2.bin (bsc#1230596) * ath12k: QCN9274 hw2.0: add to WLAN.WBE.1.3.1-00162-QCAHKSWPL_SILICONZ-1 * ath12k: QCN9274 hw2.0: add board-2.bin * copy-firmware.sh: rename variables in symlink hanlding * copy-firmware.sh: remove no longer reachable test -L * copy-firmware.sh: remove no longer reachable test -f * copy-firmware.sh: call ./check_whence.py before parsing the file * copy-firmware.sh: warn if the destination folder is not empty * copy-firmware.sh: add err() helper * copy-firmware.sh: fix indentation * copy-firmware.sh: reset and consistently handle destdir * Revert 'copy-firmware: Support additional 
compressor options' * copy-firmware.sh: flesh out and fix dedup-firmware.sh * Style update yaml files * editorconfig: add initial config file * check_whence.py: annotate replacement strings as raw * check_whence.py: LC_ALL=C sort -u the filelist * check_whence.py: ban link-to-a-link * check_whence.py: use consistent naming * Add a link from TAS2XXX1EB3.bin -> ti/tas2781/TAS2XXX1EB30.bin * tas2781: Upload dsp firmware for ASUS laptop 1EB30 & 1EB31 - Update to version 20241010 (git commit d4e688aa74a0): * rtlwifi: Add firmware v39.0 for RTL8192DU * Revert 'ath12k: WCN7850 hw2.0: update board-2.bin' (replaced with a newer firmware in this package instead) - Update to version 20241004 (git commit bbb77872a8a7): * amdgpu: DMCUB DCN35 update * brcm: Add BCM4354 NVRAM for Jetson TX1 * brcm: Link FriendlyElec NanoPi M4 to AP6356S nvram - Update to version 20241001 (git commit 51e5af813eaf): * linux-firmware: add firmware for MediaTek Bluetooth chip (MT7920) * linux-firmware: add firmware for MT7920 * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update vega12 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * 
amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update SMU 13.0.6 firmware * amdgpu: update SDMA 4.4.2 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update aldebaran firmware * qcom: update gpu firmwares for qcm6490 chipset * mt76: mt7996: add firmware files for mt7992 chipset * mt76: mt7996: add firmware files for mt7996 chipset variants * qcom: add gpu firmwares for sa8775p chipset * rtw89: 8922a: add fw format-2 v0.35.42.1 - Update to version 20240913 (git commit bcbdd1670bc3): * amdgpu: update DMCUB to v0.0.233.0 DCN351 * copy-firmware: Handle links to uncompressed files * WHENCE: Fix battmgr.jsn entry type - Update to version 20240912 (git commit 47c72fee8fe3): * amdgpu: Add VPE 6.1.3 microcode * amdgpu: add SDMA 6.1.2 microcode * amdgpu: Add support for PSP 14.0.4 * amdgpu: add GC 11.5.2 microcode * qcom: qcm6490: add ADSP and CDSP firmware * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Solar core - Update to version 20240911 (git commit 59def907425d): * rtl_bt: Update RTL8852B BT USB FW to 0x0447_9301 (bsc#1229272) - Update to version 20240910 (git commit 2a7b69a3fa30): * realtek: rt1320: Add patch firmware of MCU * i915: Update MTL DMC v2.23 * cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops - Update to version 20240903 (git commit 96af55bd3d0b): * amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007) * iwlwifi: add Bz FW for core89-58 release * rtl_nic: add firmware rtl8126a-3 * linux-firmware: 
update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) - Update to version 20240830 (git commit d6c600d46981): * amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351 * qcom: vpu: restore compatibility with kernels before 6.6 - Update to version 20240826 (git commit bec4fd18cc57): (including ath11k f/w updates for bsc#1234027) * amdgpu: DMCUB updates forvarious AMDGPU ASICs * rtw89: 8922a: add fw format-1 v0.35.41.0 * linux-firmware: update firmware for MT7925 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7925) * rtl_bt: Add firmware and config files for RTL8922A * rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part * rtl_bt: de-dupe identical config.bin files * rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin * linux-firmware: Update AMD SEV firmware * linux-firmware: update firmware for MT7996 * Revert 'i915: Update MTL DMC v2.22' * ath12k: WCN7850 hw2.0: update board-2.bin * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3 * ath11k: QCA2066 hw2.1: add board-2.bin * ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1 * qcom: vpu: add video firmware for sa8775p * amdgpu: DMCUB updates for various AMDGPU ASICs - Update to version 20240809 (git commit 36db650dae03): * qcom: update path for video firmware for vpu-1/2/3.0 * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642 * rtw89: 8852c: add fw format-1 v0.27.97.0 * rtw89: 8852bt: add firmware 0.29.91.0 * amdgpu: Update ISP FW for isp v4.1.1 * mediatek: Update mt8195 SOF firmware * amdgpu: DMCUB updates for DCN314 * xe: First GuC release v70.29.2 for BMG * xe: Add GuC v70.29.2 for LNL * i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL * i915: Update MTL DMC v2.22 * i915: update MTL GSC 
to v102.0.10.1878 * xe: Add BMG HuC 8.2.10 * xe: Add GSC 104.0.0.1161 for LNL * xe: Add LNL HuC 9.4.13 * i915: update DG2 HuC to v7.10.16 * amdgpu: Update ISP FW for isp v4.1.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641 The following package changes have been done: - kernel-firmware-amdgpu-20241128-1.1 updated - kernel-firmware-ath10k-20241128-1.1 updated - kernel-firmware-ath11k-20241128-1.1 updated - kernel-firmware-ath12k-20241128-1.1 updated - kernel-firmware-atheros-20241128-1.1 updated - kernel-firmware-bluetooth-20241128-1.1 updated - kernel-firmware-bnx2-20241128-1.1 updated - kernel-firmware-brcm-20241128-1.1 updated - kernel-firmware-chelsio-20241128-1.1 updated - kernel-firmware-dpaa2-20241128-1.1 updated - kernel-firmware-i915-20241128-1.1 updated - kernel-firmware-intel-20241128-1.1 updated - kernel-firmware-iwlwifi-20241128-1.1 updated - kernel-firmware-liquidio-20241128-1.1 updated - kernel-firmware-marvell-20241128-1.1 updated - kernel-firmware-media-20241128-1.1 updated - kernel-firmware-mediatek-20241128-1.1 updated - kernel-firmware-mellanox-20241128-1.1 updated - kernel-firmware-mwifiex-20241128-1.1 updated - kernel-firmware-network-20241128-1.1 updated - kernel-firmware-nfp-20241128-1.1 updated - kernel-firmware-nvidia-20241128-1.1 updated - kernel-firmware-platform-20241128-1.1 updated - kernel-firmware-prestera-20241128-1.1 updated - kernel-firmware-qcom-20241128-1.1 updated - kernel-firmware-qlogic-20241128-1.1 updated - kernel-firmware-radeon-20241128-1.1 updated - kernel-firmware-realtek-20241128-1.1 updated - kernel-firmware-serial-20241128-1.1 updated - kernel-firmware-sound-20241128-1.1 updated - kernel-firmware-ti-20241128-1.1 updated - kernel-firmware-ueagle-20241128-1.1 updated - kernel-firmware-usb-network-20241128-1.1 updated - vim-data-common-9.1.1101-1.1 updated - kernel-firmware-all-20241128-1.1 updated - vim-small-9.1.1101-1.1 updated - container:SL-Micro-base-container-2.1.3-5.5 updated