SUSE-IU-2025:523-1: Security update of suse/sl-micro/6.0/base-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Feb 4 13:52:00 UTC 2025
SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:523-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.3 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 5.3
Severity : critical
Type : security
References : 1234100 1234101 1234102 1234103 1234104 1235475 CVE-2024-12084
CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747
-----------------------------------------------------------------
The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 203
Released: Tue Feb 4 09:59:54 2025
Summary: Security update for rsync
Type: security
Severity: critical
References: 1234100,1234101,1234102,1234103,1234104,1235475,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747
This update for rsync fixes the following issues:
- CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100).
- CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101).
- CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102).
- CVE-2024-12087: Fixed server use of symbolic links to make client write files outside of destination directory (bsc#1234103).
- CVE-2024-12088: Fixed --safe-links bypass (bsc#1234104).
- CVE-2024-12747: Fixed Race Condition in rsync Handling Symbolic Links (bsc#1235475).
The following package changes have been done:
- rsync-3.2.7-4.1 updated
More information about the sle-container-updates
mailing list