SUSE-CU-2025:952-1: Security update of suse/manager/5.0/x86_64/proxy-httpd

sle-container-updates at lists.suse.com
Mon Feb 17 08:09:20 UTC 2025


SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:952-1
Container Tags        : suse/manager/5.0/x86_64/proxy-httpd:5.0.3 , suse/manager/5.0/x86_64/proxy-httpd:5.0.3.7.11.4 , suse/manager/5.0/x86_64/proxy-httpd:latest
Container Release     : 7.11.4
Severity              : important
Type                  : security
References            : 1027642 1081596 1159034 1188441 1194818 1194818 1203617 1210959
                        1212161 1212985 1213437 1214915 1215815 1216683 1216946 1217338
                        1218609 1219031 1219736 1220262 1220338 1220494 1220523 1220690
                        1220693 1220696 1220724 1220902 1221219 1221365 1221601 1221751
                        1221752 1221753 1221760 1221786 1221787 1221821 1221822 1221824
                        1221827 1222285 1222447 1222574 1222820 1222899 1223094 1223336
                        1224318 1224771 1225267 1225451 1226014 1226030 1226463 1226493
                        1226958 1227100 1227138 1227205 1227261 1227374 1227625 1227644
                        1227759 1227793 1227807 1227827 1227852 1227882 1227888 1228042
                        1228138 1228182 1228206 1228208 1228232 1228261 1228319 1228322
                        1228351 1228420 1228535 1228548 1228647 1228770 1228787 1228856
                        1228956 1228968 1229000 1229028 1229077 1229079 1229228 1229286
                        1229329 1229465 1229476 1229848 1229902 1230093 1230111 1230135
                        1230145 1230267 1230502 1230516 1230585 1230638 1230670 1230698
                        1230741 1230833 1230912 1230943 1230951 1230972 1231043 1231048
                        1231051 1231053 1231255 1231377 1231378 1231398 1231404 1231430
                        1231459 1231463 1231463 1231762 1231795 1231833 1232042 1232125
                        1232227 1232528 1232530 1232579 1232713 1232844 1233258 1233282
                        1233307 1233383 1233400 1233426 1233431 1233433 1233450 1233497
                        1233595 1233696 1233699 1233724 1233752 1233761 1233793 1233871
                        1233884 1234015 1234068 1234251 1234313 1234441 1234665 1234749
                        1234765 1234994 1235145 1235151 1235692 1235908 1236460 1236705
                        222971 916845 CVE-2013-4235 CVE-2013-4235 CVE-2022-49043 CVE-2023-50782
                        CVE-2024-11053 CVE-2024-11168 CVE-2024-21528 CVE-2024-41996 CVE-2024-45801
                        CVE-2024-50602 CVE-2024-52533 CVE-2024-5535 CVE-2024-6119 CVE-2024-6197
                        CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 CVE-2025-0938 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2630-1
Released:    Tue Jul 30 09:12:44 2024
Summary:     Security update for shadow
Type:        security
Severity:    important
References:  916845,CVE-2013-4235
This update for shadow fixes the following issues:

- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2635-1
Released:    Tue Jul 30 09:14:09 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1222899,1223336,1226463,1227138,CVE-2024-5535
This update for openssl-3 fixes the following issues:

Security fixes:

- CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)

Other fixes:

- Build with no-afalgeng (bsc#1226463)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducibility issue (bsc#1223336)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released:    Tue Aug  6 14:35:49 2024
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1228548

This update for permissions fixes the following issue:

* cockpit: moved setuid executable (bsc#1228548)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released:    Tue Aug  6 14:58:38 2024
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1227888,1228535,CVE-2024-6197,CVE-2024-7264
This update for curl fixes the following issues:

- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released:    Tue Aug  6 16:35:06 2024
Summary:     Recommended update for various 32bit packages
Type:        recommended
Severity:    moderate
References:  1228322

This update of various packages delivers 32bit variants to allow running Wine
on SLE PackageHub 15 SP6.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released:    Wed Aug  7 09:49:32 2024
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1228770,CVE-2013-4235
This update for shadow fixes the following issues:

- Fixed skel files not being copied (bsc#1228770)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released:    Tue Aug 13 11:07:41 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1159034,1194818,1218609,1222285
This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an
  util-linux-extra subpackage instead, so users of third party
  tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released:    Mon Aug 19 15:41:29 2024
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1194818
This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released:    Tue Sep  3 17:00:40 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:

- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
  it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
  identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released:    Tue Sep  3 17:43:10 2024
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1228968,1229329
This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)

- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released:    Mon Sep  9 12:25:30 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1228042
This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released:    Mon Sep  9 14:39:12 2024
Summary:     Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type:        recommended
Severity:    important
References:  1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971
This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released:    Wed Sep 11 10:55:22 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1230093,CVE-2024-8096
This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released:    Fri Sep 13 12:00:58 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1229476
This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released:    Wed Sep 18 14:27:53 2024
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  1229028
This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3346-1
Released:    Thu Sep 19 17:20:06 2024
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1228647,1230267
This update for libzypp, zypper fixes the following issues:

- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3476-1
Released:    Fri Sep 27 15:16:38 2024
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1230516
This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3501-1
Released:    Tue Oct  1 16:03:34 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1230698,CVE-2024-41996
This update for openssl-3 fixes the following issues:

- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3504-1
Released:    Tue Oct  1 16:22:27 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1230638
This update for glibc fixes the following issue:

- Use nss-systemd by default also in SLE (bsc#1230638).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3528-1
Released:    Fri Oct  4 15:31:43 2024
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1230145
This update for e2fsprogs fixes the following issue:

- resize2fs: Check number of group descriptors only if meta_bg is disabled
  (bsc#1230145).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3589-1
Released:    Thu Oct 10 16:39:07 2024
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1230111
This update for cyrus-sasl fixes the following issues:

- Make DIGEST-MD5 work with openssl3 (bsc#1230111).
  RC4 is legacy-provided since OpenSSL 3 and requires explicit loading; disable openssl3 deprecated API warnings.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released:    Fri Oct 11 10:39:52 2024
Summary:     Recommended update for bash
Type:        recommended
Severity:    moderate
References:  1227807
This update for bash fixes the following issues:

- Load completion file even if a brace expansion is included in the
  command line (bsc#1227807).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3609-1
Released:    Mon Oct 14 11:39:13 2024
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1227100,1230135
This update for SLES-release fixes the following issues:

- update codestream end date (bsc#1227100)
- added weakremover(libsemanage1) (bsc#1230135)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released:    Wed Oct 16 15:12:47 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:

This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc14 compilers use:

- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out

	https://gcc.gnu.org/gcc-14/changes.html


- Add libquadmath0-devel-gcc14 sub-package to allow installing
  quadmath.h and SO link without installing the fortran frontend

- Avoid combine spending too much compile-time and memory doing nothing on s390x.  [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package.  [bsc#1221601]
- Revert libgccjit dependency change.  [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
  via __requires_exclude_from and __provides_exclude_from.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
  in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
  are linked against libstdc++6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3681-1
Released:    Wed Oct 16 19:34:35 2024
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    important
References:  1230912,1231043
This update for libzypp fixes the following issues:

- Send unescaped colons in header values. According to the STOMP protocol, it
  would be correct to escape colon here but the practice broke plugin receivers
  that didn't expect this. The incompatibility affected customers who were
  running spacewalk-repo-sync and experienced issues when accessing the cloud
  URL. [bsc#1231043]
  
- Fix hang in curl code with no network connection. [bsc#1230912]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released:    Fri Oct 18 11:56:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1231051
This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released:    Fri Nov  1 16:10:37 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1231833
This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released:    Mon Nov  4 12:08:29 2024
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1230972
This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released:    Wed Nov  6 11:14:28 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1232528,CVE-2024-9681
This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released:    Thu Nov  7 11:12:00 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released:    Mon Nov 18 16:22:57 2024
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1232579,CVE-2024-50602
This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4044-1
Released:    Mon Nov 25 08:28:17 2024
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issue:

- Version update to v0.389:
  * Update pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released:    Mon Nov 25 08:33:05 2024
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  
This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs.
  Our certification team ran into an issue (jsc#PED-10532) when they
  ran a bare metal installation with a fully encrypted disk.
  If the whole disk is encrypted, the prompt for the password is sent to
  plymouth, which obviously shows nothing because the terminal in the HMC
  is used for booting bare metal (LPAR).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4056-1
Released:    Tue Nov 26 06:38:34 2024
Summary:     Recommended update for apache2
Type:        recommended
Severity:    moderate
References:  1227261
This update for apache2 fixes the following issues:

- Fixed the installation location (bsc#1227261)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4156-1
Released:    Tue Dec  3 14:13:15 2024
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- README.md updates
- explicitly require openssl-3 cli
- reorder tags (list the more specific ones first)
- set oci.ref.name and oci.authors correctly

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released:    Thu Dec  5 12:01:40 2024
Summary:     Security update for python3
Type:        security
Severity:    low
References:  1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released:    Thu Dec  5 14:48:33 2024
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1225451
This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update (write) the caches (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released:    Fri Dec  6 10:24:50 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1233699
This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4244-1
Released:    Fri Dec  6 14:04:39 2024
Summary:     Recommended update for shared-mime-info
Type:        recommended
Severity:    moderate
References:  1231463
This update for shared-mime-info fixes the following issue:

- Uninstall silently if update-mime-database is not present (bsc#1231463).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released:    Fri Dec  6 18:03:05 2024
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released:    Wed Dec 11 09:31:32 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1234068,CVE-2024-11053
This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2024-4323
Released:    Mon Dec 16 12:13:41 2024
Summary:     Recommended update for release-notes-susemanager, release-notes-susemanager-proxy
Type:        recommended
Severity:    moderate
References:  1230951
This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:

release-notes-susemanager:

- Update to SUSE Manager 5.0.2.1
  * The installation images for SUSE Manager have been updated
  * Bugs mentioned:
    bsc#1230951
  
release-notes-susemanager-proxy:

- Update to SUSE Manager 5.0.2.1
  * The installation images for SUSE Manager have been updated
  * Bugs mentioned:
    bsc#1230951
  

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released:    Tue Dec 17 08:17:39 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1231048,1232844
This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released:    Tue Dec 17 16:12:41 2024
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issue:

- Version update v0.390
  * Update pci and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released:    Thu Dec 19 08:23:55 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1203617
This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4402-1
Released:    Fri Dec 20 16:41:09 2024
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    moderate
References:  1234749
This update for libzypp fixes the following issues:

- Url: queryparams without value should not have a trailing '='

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released:    Fri Jan  3 14:53:56 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1220338,1232227,1234015
This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:38-1
Released:    Thu Jan  9 10:24:48 2025
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- switch to public-dl.suse.com

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan  9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736
This update for permissions fixes the following issues:

- Update to version 20240826:

  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command
    is fully done before further sending/receiving on the connection.
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released:    Thu Jan 16 11:20:40 2025
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1234665
This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:222-1
Released:    Wed Jan 22 12:30:04 2025
Summary:     Feature update for zypper, libzypp
Type:        feature
Severity:    low
References:  
This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-<version>' or
  '-<version>-<release>' to the '<name>' pattern. Note that the
  edition part must always match exactly.
- version 1.14.79

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:330-1
Released:    Mon Feb  3 11:50:09 2025
Summary:     Recommended update for apache2
Type:        recommended
Severity:    moderate
References:  1233433
This update for apache2 fixes the following issue:

- update-alternatives script not called during httpd update, never triggered
  from 'zypper dup' (bsc#1233433).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released:    Tue Feb  4 08:10:23 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1236460,CVE-2022-49043
This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2025-523
Released:    Fri Feb 14 08:15:57 2025
Summary:     Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
Type:        recommended
Severity:    moderate
References:  1027642,1212161,1212985,1213437,1215815,1216683,1216946,1217338,1220494,1220902,1221219,1222447,1222574,1222820,1224318,1226958,1227374,1227644,1227759,1227827,1227852,1227882,1228182,1228232,1228261,1228319,1228351,1228856,1228956,1229000,1229077,1229079,1229286,1229848,1229902,1230502,1230585,1230670,1230741,1230833,1230943,1231053,1231255,1231377,1231378,1231398,1231404,1231430,1231459,1231762,1232042,1232125,1232530,1232713,1233258,1233383,1233400,1233426,1233431,1233450,1233497,1233595,1233696,1233724,1233761,1233793,1233871,1233884,1234251,1234441,1234994,1235145,1235692,1235908,CVE-2024-21528,CVE-2024-45801
Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server

This is a codestream only update

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released:    Fri Feb 14 08:26:30 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1229228,1233752,1234313,1234765
This update for systemd fixes the following issues:

- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environment when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765) 
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:554-1
Released:    Fri Feb 14 16:10:40 2025
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1236705,CVE-2025-0938
This update for python3 fixes the following issues:

- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)


The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libsasl2-3-2.1.28-150600.7.3.1 updated
- libcom_err2-1.47.0-150600.4.6.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libxml2-2-2.10.3-150500.5.20.1 updated
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libassuan0-2.5.5-150000.4.7.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libudev1-254.21-150600.4.21.1 updated
- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bash-sh-4.4-150400.27.3.2 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- sles-release-15.6-150600.64.3.1 updated
- permissions-20240826-150600.10.12.1 updated
- pam-1.3.0-150000.6.71.2 updated
- libgpgme11-1.23.0-150600.3.2.1 updated
- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- shadow-4.8.1-150600.17.9.1 updated
- libzypp-17.35.16-150600.3.41.1 updated
- zypper-1.14.79-150600.10.19.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- curl-8.6.0-150600.4.18.1 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.8.1 updated
- libgobject-2_0-0-2.78.6-150600.4.8.1 updated
- release-notes-susemanager-proxy-5.0.3-150600.11.20.1 updated
- shared-mime-info-2.4-150600.3.3.2 updated
- libsystemd0-254.23-150600.4.25.1 updated
- python3-base-3.6.15-150300.10.81.1 updated
- libpython3_6m1_0-3.6.15-150300.10.81.1 updated
- hwdata-0.390-150000.3.74.2 updated
- apache2-prefork-2.4.58-150600.5.32.2 updated
- python3-3.6.15-150300.10.81.1 updated
- systemd-254.23-150600.4.25.1 updated
- libgio-2_0-0-2.78.6-150600.4.8.1 updated
- glib2-tools-2.78.6-150600.4.8.1 updated
- python3-libxml2-2.10.3-150500.5.20.1 updated
- apache2-2.4.58-150600.5.32.2 updated
- spacewalk-backend-5.0.11-150600.4.9.5 updated
- python3-spacewalk-client-tools-5.0.8-150600.4.6.3 updated
- spacewalk-client-tools-5.0.8-150600.4.6.3 updated
- spacewalk-proxy-package-manager-5.0.5-150600.3.6.3 updated
- spacewalk-proxy-common-5.0.5-150600.3.6.3 updated
- spacewalk-proxy-broker-5.0.5-150600.3.6.3 updated
- spacewalk-proxy-redirect-5.0.5-150600.3.6.3 updated
- container:sles15-image-15.6.0-47.18.1 updated

