SUSE-IU-2025:523-1: Security update of suse/sl-micro/6.0/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Feb 4 13:52:00 UTC 2025


SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:523-1
Image Tags        : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.3 , suse/sl-micro/6.0/base-os-container:latest
Image Release     : 5.3
Severity          : critical
Type              : security
References        : 1234100 1234101 1234102 1234103 1234104 1235475 CVE-2024-12084
                        CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 203
Released:    Tue Feb  4 09:59:54 2025
Summary:     Security update for rsync
Type:        security
Severity:    critical
References:  1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747
This update for rsync fixes the following issues:

- CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100).
- CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101).
- CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102).
- CVE-2024-12087: Fixed server use of symbolic links to  make client write files outside of destination directory (bsc#1234103).
- CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104).
- CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475).


The following package changes have been done:

- rsync-3.2.7-4.1 updated


More information about the sle-container-updates mailing list