SUSE-CU-2025:953-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon Feb 17 08:09:26 UTC 2025


SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:953-1
Container Tags        : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.3 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.3.7.11.5 , suse/manager/5.0/x86_64/proxy-salt-broker:latest
Container Release     : 7.11.5
Severity              : important
Type                  : security
References            : 1081596 1159034 1188441 1194818 1194818 1203617 1210959 1214915
                        1218609 1219031 1219736 1220262 1220338 1220356 1220523 1220690
                        1220693 1220696 1220724 1221365 1221601 1221751 1221752 1221753
                        1221760 1221786 1221787 1221821 1221822 1221824 1221827 1222285
                        1222899 1223094 1223336 1224771 1225267 1225451 1226014 1226030
                        1226414 1226463 1226493 1227100 1227138 1227205 1227525 1227625
                        1227793 1227807 1227888 1228042 1228091 1228138 1228206 1228208
                        1228223 1228322 1228420 1228535 1228548 1228647 1228770 1228787
                        1228809 1228968 1229028 1229329 1229465 1229476 1229518 1230093
                        1230111 1230135 1230145 1230267 1230516 1230638 1230698 1230912
                        1230972 1231043 1231048 1231051 1231463 1231795 1231833 1232227
                        1232528 1232579 1232844 1233282 1233307 1233699 1234015 1234068
                        1234665 1234749 1235151 1236460 1236705 222971 916845 CVE-2013-4235
                        CVE-2013-4235 CVE-2022-49043 CVE-2023-50782 CVE-2024-11053 CVE-2024-11168
                        CVE-2024-41996 CVE-2024-50602 CVE-2024-52533 CVE-2024-5535 CVE-2024-6119
                        CVE-2024-6197 CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 CVE-2025-0938
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2630-1
Released:    Tue Jul 30 09:12:44 2024
Summary:     Security update for shadow
Type:        security
Severity:    important
References:  916845,CVE-2013-4235
This update for shadow fixes the following issues:

- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2635-1
Released:    Tue Jul 30 09:14:09 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1222899,1223336,1226463,1227138,CVE-2024-5535
This update for openssl-3 fixes the following issues:

Security fixes:

- CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138)

Other fixes:

- Build with no-afalgeng (bsc#1226463)
- Build with enabled sm2 and sm4 support (bsc#1222899)
- Fix non-reproducibility issue (bsc#1223336)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2641-1
Released:    Tue Jul 30 09:29:36 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  
This update for systemd fixes the following issues:

systemd was updated from version 254.13 to version 254.15:
    
- Changes in version 254.15:

  * boot: cover for hardware keys on phones/tablets
  * Conditional PSI check to reflect changes done in 5.13
  * core/dbus-manager: refuse SoftReboot() for user managers
  * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
  * core/exec-invoke: use sched_setattr instead of sched_setscheduler
  * core/unit: follow merged units before updating SourcePath= timestamp too
  * coredump: correctly take tmpfs size into account for compression
  * cryptsetup: improve TPM2 blob display
  * docs: Add section to HACKING.md on distribution packages
  * docs: fixed dead link to GNOME documentation
  * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
  * Fixed typo in CAP_BPF description
  * LICENSES/README: expand text to summarize state for binaries and libs
  * man: fully adopt ~/.local/state/
  * man/systemd.exec: list inaccessible files for ProtectKernelTunables
  * man/tmpfiles: remove outdated behavior regarding symlink ownership
  * meson: bpf: propagate 'sysroot' for cross compilation
  * meson: Define __TARGET_ARCH macros required by bpf
  * mkfs-util: Set sector size for btrfs as well
  * mkosi: drop CentOS 8 from CI
  * mkosi: Enable hyperscale-packages-experimental for CentOS
  * mountpoint-util: do not assume symlinks are not mountpoints
  * os-util: avoid matching on the wrong extension-release file
  * README: add missing CONFIG_MEMCG kernel config option for oomd
  * README: update requirements for signed dm-verity
  * resolved: allow the full TTL to be used by OPT records
  * resolved: correct parsing of OPT extended RCODEs
  * sysusers: handle NSS errors gracefully
  * TEST-58-REPART: reverse order of diff args
  * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
  * test: fixed TEST-24-CRYPTSETUP on SUSE
  * test: install /etc/hosts
  * Use consistent spelling of systemd.condition_first_boot argument
  * util: make file_read() 64bit offset safe
  * vmm: make sure we can handle smbios objects without variable part
    
- Changes in version 254.14:

  * analyze: show pcrs also in sha384 bank
  * chase: Tighten '.' and './' check
  * core/service: fixed accept-socket deserialization
  * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too
  * executor: check for all permission related errnos when setting up IPC namespace
  * install: allow removing symlinks even for units that are gone
  * json: use secure un{base64,hex}mem for sensitive variants
  * man,units: drop 'temporary' from description of systemd-tmpfiles
  * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS
  * repart: fixed memory leak
  * repart: Use CRYPT_ACTIVATE_PRIVATE
  * resolved: permit dnssec rrtype questions when we aren't validating
  * rules: Limit the number of device units generated for serial ttys
  * run: do not pass the pty slave fd to transient service in a machine
  * sd-dhcp-server: clear buffer before receive
  * strbuf: use GREEDY_REALLOC to grow the buffer

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2779-1
Released:    Tue Aug  6 14:35:49 2024
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1228548

This update for permissions fixes the following issue:

* cockpit: moved setuid executable (bsc#1228548)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released:    Tue Aug  6 14:58:38 2024
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1227888,1228535,CVE-2024-6197,CVE-2024-7264
This update for curl fixes the following issues:

- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released:    Tue Aug  6 16:35:06 2024
Summary:     Recommended update for various 32bit packages
Type:        recommended
Severity:    moderate
References:  1228322

This update of various packages delivers 32bit variants to allow running Wine
on SLE PackageHub 15 SP6.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released:    Wed Aug  7 09:49:32 2024
Summary:     Security update for shadow
Type:        security
Severity:    moderate
References:  1228770,CVE-2013-4235
This update for shadow fixes the following issues:

- Fixed not copying of skel files (bsc#1228770)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released:    Fri Aug  9 15:59:29 2024
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1220356,1227525
This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
  - Added: FIRMAPROFESIONAL CA ROOT-A WEB
  - Distrust: GLOBALTRUST 2020

- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
  Added:
  - CommScope Public Trust ECC Root-01
  - CommScope Public Trust ECC Root-02
  - CommScope Public Trust RSA Root-01
  - CommScope Public Trust RSA Root-02
  - D-Trust SBR Root CA 1 2022
  - D-Trust SBR Root CA 2 2022
  - Telekom Security SMIME ECC Root 2021
  - Telekom Security SMIME RSA Root 2023
  - Telekom Security TLS ECC Root 2020
  - Telekom Security TLS RSA Root 2023
  - TrustAsia Global Root CA G3
  - TrustAsia Global Root CA G4
  Removed:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - Chambers of Commerce Root - 2008
  - Global Chambersign Root - 2008
  - Security Communication Root CA
  - Symantec Class 1 Public Primary Certification Authority - G6
  - Symantec Class 2 Public Primary Certification Authority - G6
  - TrustCor ECA-1
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - VeriSign Class 1 Public Primary Certification Authority - G3
  - VeriSign Class 2 Public Primary Certification Authority - G3

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2888-1
Released:    Tue Aug 13 11:07:41 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1159034,1194818,1218609,1222285
This update for util-linux fixes the following issues:

- agetty: Prevent login cursor escape (bsc#1194818).
- Document unexpected side effects of lazy destruction (bsc#1159034).
- Don't delete binaries not common for all architectures. Create an
  util-linux-extra subpackage instead, so users of third party
  tools can use them (bsc#1222285).
- Improved man page for chcpu (bsc#1218609).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released:    Mon Aug 19 15:41:29 2024
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1194818
This update for pam fixes the following issue:

- Prevent cursor escape from the login prompt (bsc#1194818).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3106-1
Released:    Tue Sep  3 17:00:40 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220523,1220690,1220693,1220696,1221365,1221751,1221752,1221753,1221760,1221786,1221787,1221821,1221822,1221824,1221827,1229465,CVE-2024-6119
This update for openssl-3 fixes the following issues:

- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)

Other fixes:    
    
- FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365).
- FIPS: RSA keygen PCT requirements.
- FIPS: Check that the fips provider is available before setting
  it as the default provider in FIPS mode (bsc#1220523).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: Block non-Approved Elliptic Curves (bsc#1221786).
- FIPS: Service Level Indicator (bsc#1221365).
- FIPS: Output the FIPS-validation name and module version which uniquely
  identify the FIPS validated module (bsc#1221751).
- FIPS: Add required selftests: (bsc#1221760).
- FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821).
- FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827).
- FIPS: Zero initialization required (bsc#1221752).
- FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696).
- FIPS: NIST SP 800-56Brev2 (bsc#1221824).
- FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787).
- FIPS: Port openssl to use jitterentropy (bsc#1220523).
- FIPS: NIST SP 800-56Arev3 (bsc#1221822).
- FIPS: Error state has to be enforced (bsc#1221753).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3132-1
Released:    Tue Sep  3 17:43:10 2024
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1228968,1229329
This update for permissions fixes the following issues:

- Update to version 20240826:
  * permissions: remove outdated entries (bsc#1228968)

- Update to version 20240826:
  * cockpit: revert path change (bsc#1229329)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3166-1
Released:    Mon Sep  9 12:25:30 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1228042
This update for glibc fixes the following issue:

- s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3178-1
Released:    Mon Sep  9 14:39:12 2024
Summary:     Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type:        recommended
Severity:    important
References:  1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971
This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

- Make sure not to statically linked installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released:    Wed Sep 11 10:55:22 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1230093,CVE-2024-8096
This update for curl fixes the following issues:

- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3239-1
Released:    Fri Sep 13 12:00:58 2024
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1229476
This update for util-linux fixes the following issue:

- Skip aarch64 decode path for rest of the architectures (bsc#1229476).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released:    Wed Sep 18 14:27:53 2024
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  1229028
This update for ncurses fixes the following issues:

- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3346-1
Released:    Thu Sep 19 17:20:06 2024
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1228647,1230267
This update for libzypp, zypper fixes the following issues:

- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3476-1
Released:    Fri Sep 27 15:16:38 2024
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1230516
This update for curl fixes the following issue:

- Make special characters in URL work with aws-sigv4 (bsc#1230516).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3501-1
Released:    Tue Oct  1 16:03:34 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1230698,CVE-2024-41996
This update for openssl-3 fixes the following issues:

- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3504-1
Released:    Tue Oct  1 16:22:27 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1230638
This update for glibc fixes the following issue:

- Use nss-systemd by default also in SLE (bsc#1230638).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3512-1
Released:    Wed Oct  2 18:14:56 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1226414,1228091,1228223,1228809,1229518
This update for systemd fixes the following issues:

- Determine the effective user limits in a systemd setup (jsc#PED-5659)
- Don't try to restart the udev socket units anymore. (bsc#1228809).
- Add systemd.rules rework (bsc#1229518).
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
- upstream commit (bsc#1226414).
- Make the 32bit version of libudev.so available again (bsc#1228223).
- policykit-1 renamed to polkitd

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3528-1
Released:    Fri Oct  4 15:31:43 2024
Summary:     Recommended update for e2fsprogs
Type:        recommended
Severity:    moderate
References:  1230145
This update for e2fsprogs fixes the following issue:

- resize2fs: Check  number of group descriptors only if meta_bg is disabled
  (bsc#1230145).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3589-1
Released:    Thu Oct 10 16:39:07 2024
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1230111
This update for cyrus-sasl fixes the following issues:

- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) 
  RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released:    Fri Oct 11 10:39:52 2024
Summary:     Recommended update for bash
Type:        recommended
Severity:    moderate
References:  1227807
This update for bash fixes the following issues:

- Load completion file eveh if a brace expansion is in the
  command line included (bsc#1227807).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3609-1
Released:    Mon Oct 14 11:39:13 2024
Summary:     Recommended update for SLES-release
Type:        recommended
Severity:    moderate
References:  1227100,1230135
This update for SLES-release fixes the following issues:

- update codestream end date (bsc#1227100)
- added weakremover(libsemanage1) (bsc#1230135)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released:    Wed Oct 16 15:12:47 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:

This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)

The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.

The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.

To use gcc14 compilers use:

- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out

	https://gcc.gnu.org/gcc-14/changes.html


- Add libquadmath0-devel-gcc14 sub-package to allow installing
  quadmath.h and SO link without installing the fortran frontend

- Avoid combine spending too much compile-time and memory doing nothing on s390x.  [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package.  [bsc#1221601]
- Revert libgccjit dependency change.  [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
  [bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
  via __requires_exclude_from and __provides_exclude_from.
  [bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
  in gcc13-devel.  [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
  are linked against libstdc++6.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3681-1
Released:    Wed Oct 16 19:34:35 2024
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    important
References:  1230912,1231043
This update for libzypp fixes the following issues:

- Send unescaped colons in header values. According to the STOMP protocol, it
  would be correct to escape colon here but the practice broke plugin receivers
  that didn't expect this. The incompatiblity affected customers who were
  running spacewalk-repo-sync and experienced issues when accessing the cloud
  URL. [bsc#1231043]
  
- Fix hang in curl code with no network connection. [bsc#1230912]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released:    Fri Oct 18 11:56:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1231051
This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released:    Fri Nov  1 16:10:37 2024
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1231833
This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released:    Mon Nov  4 12:08:29 2024
Summary:     Recommended update for shadow
Type:        recommended
Severity:    moderate
References:  1230972
This update for shadow fixes the following issues:

- Add useradd warnings when requested UID is outside the default range (bsc#1230972)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released:    Wed Nov  6 11:14:28 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1232528,CVE-2024-9681
This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released:    Thu Nov  7 11:12:00 2024
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released:    Mon Nov 18 16:22:57 2024
Summary:     Security update for expat
Type:        security
Severity:    moderate
References:  1232579,CVE-2024-50602
This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released:    Mon Nov 25 08:33:05 2024
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  
This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs.
  Our certification team run into an issue (jsc#PED-10532), when they
  run bare metal installation with fully encrypted disk.
  If the whole disk is crypted, the prompt for the password is sent to
  plymouth, which is obviously showing nothing because for booting bare
  metal (LPAR) is used terminal in HMC. 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4156-1
Released:    Tue Dec  3 14:13:15 2024
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- README.md updates
- explicitly require openssl-3 cli
- reorder tags (list the more specific ones first)
- set oci.ref.name and oci.authors correctly

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released:    Thu Dec  5 12:01:40 2024
Summary:     Security update for python3
Type:        security
Severity:    low
References:  1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released:    Thu Dec  5 14:48:33 2024
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1225451
This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released:    Fri Dec  6 10:24:50 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1233699
This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released:    Fri Dec  6 18:03:05 2024
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1231463,1233282,CVE-2024-52533
This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released:    Wed Dec 11 09:31:32 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1234068,CVE-2024-11053
This update for curl fixes the following issues:

  - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released:    Tue Dec 17 08:17:39 2024
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1231048,1232844
This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released:    Thu Dec 19 08:23:55 2024
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    moderate
References:  1203617
This update for aaa_base fixes the following issues:

- Added Midnigh Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4402-1
Released:    Fri Dec 20 16:41:09 2024
Summary:     Recommended update for libzypp
Type:        recommended
Severity:    moderate
References:  1234749
This update for libzypp fixes the following issues:

- Url: queryparams without value should not have a trailing '='

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released:    Fri Jan  3 14:53:56 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1220338,1232227,1234015
This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:38-1
Released:    Thu Jan  9 10:24:48 2025
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- switch to public-dl.suse.com

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan  9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736
This update for permissions fixes the following issues:

- Update to version 20240826:

  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command
    is fully done before further sending/receiving on the connection.
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released:    Thu Jan 16 11:20:40 2025
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1234665
This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:222-1
Released:    Wed Jan 22 12:30:04 2025
Summary:     Feature update for zypper, libzypp
Type:        feature
Severity:    low
References:  
This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-<version>' or
  '-<version>-<release>' to the '<name>' pattern. Note that the
  edition part must always match exactly.
- version 1.14.79

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:348-1
Released:    Tue Feb  4 08:10:23 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1236460,CVE-2022-49043
This update for libxml2 fixes the following issues:

- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:554-1
Released:    Fri Feb 14 16:10:40 2025
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1236705,CVE-2025-0938
This update for python3 fixes the following issues:

- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)


The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- libuuid1-2.39.3-150600.4.12.2 updated
- libsmartcols1-2.39.3-150600.4.12.2 updated
- libsasl2-3-2.1.28-150600.7.3.1 updated
- libcom_err2-1.47.0-150600.4.6.2 updated
- libblkid1-2.39.3-150600.4.12.2 updated
- libfdisk1-2.39.3-150600.4.12.2 updated
- libxml2-2-2.10.3-150500.5.20.1 updated
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libassuan0-2.5.5-150000.4.7.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- libmount1-2.39.3-150600.4.12.2 updated
- libudev1-254.21-150600.4.21.1 updated
- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bash-sh-4.4-150400.27.3.2 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- sles-release-15.6-150600.64.3.1 updated
- permissions-20240826-150600.10.12.1 updated
- pam-1.3.0-150000.6.71.2 updated
- libgpgme11-1.23.0-150600.3.2.1 updated
- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- shadow-4.8.1-150600.17.9.1 updated
- libzypp-17.35.16-150600.3.41.1 updated
- zypper-1.14.79-150600.10.19.1 updated
- util-linux-2.39.3-150600.4.12.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- curl-8.6.0-150600.4.18.1 updated
- openssl-3-3.1.4-150600.5.21.1 updated
- ca-certificates-mozilla-2.68-150200.33.1 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- libpython3_6m1_0-3.6.15-150300.10.81.1 updated
- python3-base-3.6.15-150300.10.81.1 updated
- python3-3.6.15-150300.10.81.1 updated
- container:sles15-image-15.6.0-47.18.1 updated
- liblz4-1-1.9.4-150600.1.4 removed
- libprocps8-3.3.17-150000.7.39.1 removed
- libsystemd0-254.13-150600.4.5.1 removed
- procps-3.3.17-150000.7.39.1 removed


More information about the sle-container-updates mailing list