SUSE-IU-2025:658-1: Security update of suse/sl-micro/6.1/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Feb 27 08:13:55 UTC 2025


SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:658-1
Image Tags        : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.5 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release     : 4.5
Severity          : important
Type              : security
References        : 1219458 1219563 1222319 1224123 1225600 1225601 1227456 1229010
                        1229069 1229072 1229272 1229449 1230007 1230596 1234027 1236826
                        1237040 1237041 CVE-2023-31315 CVE-2023-38417 CVE-2023-47210
                        CVE-2024-28180 CVE-2024-3727 CVE-2025-26465 CVE-2025-26466 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 21
Released:    Wed Feb 26 14:46:04 2025
Summary:     Security update for openssh
Type:        security
Severity:    important
References:  1219563,1224123,1227456,1229010,1229072,1229449,1236826,1237040,1237041,CVE-2024-28180,CVE-2024-3727,CVE-2025-26465,CVE-2025-26466
This update for openssh fixes the following issues:

Security issues fixed:

- CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040)
- CVE-2025-26466: Fixed a DoS attack against OpenSSH's client and server (bsc#1237041)

Other issues fixed:

- Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2
  due to gssapi proposal not being correctly initialized
  (bsc#1236826).
- Add a patch to fix a regression introduced in 9.6 that makes X11
  forwarding very slow. (bsc#1229449)
- Fixed RFC4256 implementation so that keyboard-interactive authentication method can send
  instructions and sshd shows them to users even before a prompt
  is requested. This fixes MFA push notifications (bsc#1229010).
- Fix a dbus connection leaked in the logind patch that was
  missing a sd_bus_unref call
- Add a patch that fixes a small memory leak when parsing the
  subsystem configuration option:
- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)

-----------------------------------------------------------------
Advisory ID: 20
Released:    Wed Feb 26 14:57:21 2025
Summary:     Security update for kernel-firmware
Type:        security
Severity:    important
References:  1219458,1222319,1225600,1225601,1229069,1229272,1230007,1230596,1234027,CVE-2023-31315,CVE-2023-38417,CVE-2023-47210
This update for kernel-firmware fixes the following issues:

- Update to version 20241128 (git commit ea71da6f0690):
  * i915: Update Xe2LPD DMC to v2.24
  * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
  * iwlwifi: add Bz-gf FW for core89-91 release
  * amdgpu: update smu 13.0.10 firmware
  * amdgpu: update sdma 6.0.3 firmware
  * amdgpu: update psp 13.0.10 firmware
  * amdgpu: update gc 11.0.3 firmware
  * amdgpu: add smu 13.0.14 firmware
  * amdgpu: add sdma 4.4.5 firmware
  * amdgpu: add psp 13.0.14 firmware
  * amdgpu: add gc 9.4.4 firmware
  * amdgpu: update vcn 3.1.2 firmware
  * amdgpu: update psp 13.0.5 firmware
  * amdgpu: update psp 13.0.8 firmware
  * amdgpu: update vega20 firmware
  * amdgpu: update vega12 firmware
  * amdgpu: update psp 14.0.4 firmware
  * amdgpu: update gc 11.5.2 firmware
  * amdgpu: update vega10 firmware
  * amdgpu: update vcn 4.0.0 firmware
  * amdgpu: update smu 13.0.0 firmware
  * amdgpu: update psp 13.0.0 firmware
  * amdgpu: update gc 11.0.0 firmware
  * amdgpu: update beige goby firmware
  * amdgpu: update vangogh firmware
  * amdgpu: update dimgrey cavefish firmware
  * amdgpu: update navy flounder firmware
  * amdgpu: update psp 13.0.11 firmware
  * amdgpu: update gc 11.0.4 firmware
  * amdgpu: update vcn 4.0.2 firmware
  * amdgpu: update psp 13.0.4 firmware
  * amdgpu: update gc 11.0.1 firmware
  * amdgpu: update sienna cichlid firmware
  * amdgpu: update vpe 6.1.1 firmware
  * amdgpu: update vcn 4.0.6 firmware
  * amdgpu: update psp 14.0.1 firmware
  * amdgpu: update gc 11.5.1 firmware
  * amdgpu: update vcn 4.0.5 firmware
  * amdgpu: update psp 14.0.0 firmware
  * amdgpu: update gc 11.5.0 firmware
  * amdgpu: update navi14 firmware
  * amdgpu: update arcturus firmware
  * amdgpu: update renoir firmware
  * amdgpu: update navi12 firmware
  * amdgpu: update sdma 4.4.2 firmware
  * amdgpu: update psp 13.0.6 firmware
  * amdgpu: update gc 9.4.3 firmware
  * amdgpu: update vcn 4.0.4 firmware
  * amdgpu: update psp 13.0.7 firmware
  * amdgpu: update gc 11.0.2 firmware
  * amdgpu: update navi10 firmware
  * amdgpu: update aldebaran firmware
- Update aliases from 6.13-rc1

- Update to version 20241125 (git commit 508d770ee6f3):
  * ice: update ice DDP wireless_edge package to 1.3.20.0
  * ice: update ice DDP comms package to 1.3.52.0
  * ice: update ice DDP package to ice-1.3.41.0
  * amdgpu: update DMCUB to v9.0.10.0 for DCN314
  * amdgpu: update DMCUB to v9.0.10.0 for DCN351

- Update to version 20241121 (git commit 48bb90cceb88):
  * linux-firmware: Update AMD cpu microcode
  * xe: Update GUC to v70.36.0 for BMG, LNL
  * i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL

- Update to version 20241119 (git commit 60cdfe1831e8):
  * iwlwifi: add Bz-gf FW for core91-69 release
- Update aliases from 6.12

- Update to version 20241113 (git commit 1727aceef4d2):
  * qcom: venus-5.4: add venus firmware file for qcs615
  * qcom: update venus firmware file for SC7280
  * QCA: Add 22 bluetooth firmware nvm files for QCA2066

- Update to version 20241112 (git commit c57a0a42468b):
  * mediatek MT7922: update bluetooth firmware to 20241106163512
  * mediatek MT7921: update bluetooth firmware to 20241106151414
  * linux-firmware: update firmware for MT7922 WiFi device
  * linux-firmware: update firmware for MT7921 WiFi device
  * qcom: Add QDU100 firmware image files.
  * qcom: Update aic100 firmware files
  * dedup-firmware.sh: fix infinite loop for --verbose
  * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x04D7_63F7
  * cnm: update chips&media wave521c firmware.
  * mediatek MT7920: update bluetooth firmware to 20241104091246
  * linux-firmware: update firmware for MT7920 WiFi device
  * copy-firmware.sh: Run check_whence.py only if in a git repo
  * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
  * amdgpu: update DMCUB to v9.0.10.0 for DCN351
  * rtw89: 8852a: update fw to v0.13.36.2
  * rtw88: Add firmware v52.14.0 for RTL8812AU
  * i915: Update Xe2LPD DMC to v2.23
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7925)
  * linux-firmware: update firmware for MT7925 WiFi device
  * WHENCE: Add sof-tolg for mt8195
  *  linux-firmware: Update firmware file for Intel BlazarI core
  * qcom: Add link for QCS6490 GPU firmware
  * qcom: update gpu firmwares for qcs615 chipset
  * cirrus: cs35l56: Update firmware for Cirrus Amps for some HP laptops
  * mediatek: Add sof-tolg for mt8195

- Update to version 20241029 (git commit 048795eef350):
  * ath11k: move WCN6750 firmware to the device-specific subdir
  * xe: Update LNL GSC to v104.0.0.1263
  * i915: Update MTL/ARL GSC to v102.1.15.1926

- Update to version 20241028 (git commit 987607d681cb):
  * amdgpu: DMCUB updates for various AMDGPU ASICs
  * i915: Add Xe3LPD DMC
  * cnm: update chips&media wave521c firmware.
  * linux-firmware: Add firmware for Cirrus CS35L41
  * linux-firmware: Update firmware file for Intel BlazarU core
  * Makefile: error out of 'install' if COPYOPTS is set

- Update to version 20241018 (git commit 2f0464118f40):
  * check_whence.py: skip some validation if git ls-files fails
  * qcom: Add Audio firmware for X1E80100 CRD/QCPs
  * amdgpu: DMCUB updates forvarious AMDGPU ASICs
  * brcm: replace NVRAM for Jetson TX1
  * rtlwifi: Update firmware for RTL8192FU to v7.3
  * make: separate installation and de-duplication targets
  * check_whence.py: check the permissions
  * Remove execute bit from firmware files
  * configure: remove unused file
  * rtl_nic: add firmware rtl8125d-1

- Update to version 20241014 (git commit 99f9c7ed1f4a):
  * iwlwifi: add gl/Bz FW for core91-69 release
  * iwlwifi: update ty/So/Ma firmwares for core91-69 release
  * iwlwifi: update cc/Qu/QuZ firmwares for core91-69 release
  * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for a Lenovo Laptop
  * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for some ASUS laptops
  * cirrus: cs35l56: Add firmware for Cirrus Amps for some HP laptops
  * linux-firmware: update firmware for en8811h 2.5G ethernet phy
  * QCA: Add Bluetooth firmwares for WCN785x with UART transport

- Update to version 20241011 (git commit 808cba847c70):
  * mtk_wed: add firmware for mt7988 Wireless Ethernet Dispatcher
  * ath12k: WCN7850 hw2.0: update board-2.bin (bsc#1230596)
  * ath12k: QCN9274 hw2.0: add to WLAN.WBE.1.3.1-00162-QCAHKSWPL_SILICONZ-1
  * ath12k: QCN9274 hw2.0: add board-2.bin
  * copy-firmware.sh: rename variables in symlink hanlding
  * copy-firmware.sh: remove no longer reachable test -L
  * copy-firmware.sh: remove no longer reachable test -f
  * copy-firmware.sh: call ./check_whence.py before parsing the file
  * copy-firmware.sh: warn if the destination folder is not empty
  * copy-firmware.sh: add err() helper
  * copy-firmware.sh: fix indentation
  * copy-firmware.sh: reset and consistently handle destdir
  * Revert 'copy-firmware: Support additional compressor options'
  * copy-firmware.sh: flesh out and fix dedup-firmware.sh
  * Style update yaml files
  * editorconfig: add initial config file
  * check_whence.py: annotate replacement strings as raw
  * check_whence.py: LC_ALL=C sort -u the filelist
  * check_whence.py: ban link-to-a-link
  * check_whence.py: use consistent naming
  * Add a link from TAS2XXX1EB3.bin -> ti/tas2781/TAS2XXX1EB30.bin
  * tas2781: Upload dsp firmware for ASUS laptop 1EB30 & 1EB31
- Drop obsoleted --ignore-duplicates option to copy-firmware.sh
- Drop the ath12k workaround again

- Update to version 20241010 (git commit d4e688aa74a0):
  * rtlwifi: Add firmware v39.0 for RTL8192DU
  * Revert 'ath12k: WCN7850 hw2.0: update board-2.bin'
    (replaced with a newer firmware in this package instead)
- update aliases

- Update to version 20241004 (git commit bbb77872a8a7):
  * amdgpu: DMCUB DCN35 update
  * brcm: Add BCM4354 NVRAM for Jetson TX1
  * brcm: Link FriendlyElec NanoPi M4 to AP6356S nvram

- Update to version 20241001 (git commit 51e5af813eaf):
  * linux-firmware: add firmware for MediaTek Bluetooth chip (MT7920)
  * linux-firmware: add firmware for MT7920
  * amdgpu: update raven firmware
  * amdgpu: update SMU 13.0.10 firmware
  * amdgpu: update PSP 13.0.10 firmware
  * amdgpu: update GC 11.0.3 firmware
  * amdgpu: update VCN 3.1.2 firmware
  * amdgpu: update PSP 13.0.5 firmware
  * amdgpu: update PSP 13.0.8 firmware
  * amdgpu: update vega12 firmware
  * amdgpu: update PSP 14.0.4 firmware
  * amdgpu: update GC 11.5.2 firmware
  * amdgpu: update vega10 firmware
  * amdgpu: update VCN 4.0.0 firmware
  * amdgpu: update PSP 13.0.0 firmware
  * amdgpu: update GC 11.0.0 firmware
  * amdgpu: update picasso firmware
  * amdgpu: update beige goby firmware
  * amdgpu: update vangogh firmware
  * amdgpu: update dimgrey cavefish firmware
  * amdgpu: update navy flounder firmware
  * amdgpu: update green sardine firmware
  * amdgpu: update VCN 4.0.2 firmware
  * amdgpu: update PSP 13.0.4 firmware
  * amdgpu: update GC 11.0.1 firmware
  * amdgpu: update sienna cichlid firmware
  * amdgpu: update VCN 4.0.6 firmware
  * amdgpu: update PSP 14.0.1 firmware
  * amdgpu: update GC 11.5.1 firmware
  * amdgpu: update VCN 4.0.5 firmware
  * amdgpu: update PSP 14.0.0 firmware
  * amdgpu: update GC 11.5.0 firmware
  * amdgpu: update navi14 firmware
  * amdgpu: update renoir firmware
  * amdgpu: update navi12 firmware
  * amdgpu: update SMU 13.0.6 firmware
  * amdgpu: update SDMA 4.4.2 firmware
  * amdgpu: update PSP 13.0.6 firmware
  * amdgpu: update GC 9.4.3 firmware
  * amdgpu: update yellow carp firmware
  * amdgpu: update VCN 4.0.4 firmware
  * amdgpu: update PSP 13.0.7 firmware
  * amdgpu: update GC 11.0.2 firmware
  * amdgpu: update navi10 firmware
  * amdgpu: update aldebaran firmware
  * qcom: update gpu firmwares for qcm6490 chipset
  * mt76: mt7996: add firmware files for mt7992 chipset
  * mt76: mt7996: add firmware files for mt7996 chipset variants
  * qcom: add gpu firmwares for sa8775p chipset
  * rtw89: 8922a: add fw format-2 v0.35.42.1
- Pick up the fixed ath12k firmware from
  https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware
  (bsc#1230596)
- Update aliases from 6.11.x and 6.12-rc1

- Update to version 20240913 (git commit bcbdd1670bc3):
  * amdgpu: update DMCUB to v0.0.233.0 DCN351
  * copy-firmware: Handle links to uncompressed files
  * WHENCE: Fix battmgr.jsn entry type
- Temporary revert for ath12k firmware (bsc#1230596)

- Update to version 20240912 (git commit 47c72fee8fe3):
  * amdgpu: Add VPE 6.1.3 microcode
  * amdgpu: add SDMA 6.1.2 microcode
  * amdgpu: Add support for PSP 14.0.4
  * amdgpu: add GC 11.5.2 microcode
  * qcom: qcm6490: add ADSP and CDSP firmware
  * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core
  * linux-firmware: Update firmware file for Intel BlazarU core
  * linux-firmware: Update firmware file for Intel Bluetooth Solar core

- Update to version 20240911 (git commit 59def907425d):
  * rtl_bt: Update RTL8852B BT USB FW to 0x0447_9301 (bsc#1229272)

- Update to version 20240910 (git commit 2a7b69a3fa30):
  * realtek: rt1320: Add patch firmware of MCU
  * i915: Update MTL DMC v2.23
  * cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops

- Update to version 20240903 (git commit 96af55bd3d0b):
  * amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007)
  * iwlwifi: add Bz FW for core89-58 release
  * rtl_nic: add firmware rtl8126a-3
  * linux-firmware: update firmware for MT7921 WiFi device
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7921)

- Update to version 20240830 (git commit d6c600d46981):
  * amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351
  * qcom: vpu: restore compatibility with kernels before 6.6

- Update to version 20240826 (git commit bec4fd18cc57):
  (including ath11k f/w updates for bsc#1234027)
  * amdgpu: DMCUB updates forvarious AMDGPU ASICs
  * rtw89: 8922a: add fw format-1 v0.35.41.0
  * linux-firmware: update firmware for MT7925 WiFi device
  * linux-firmware: update firmware for mediatek bluetooth chip (MT7925)
  * rtl_bt: Add firmware and config files for RTL8922A
  * rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part
  * rtl_bt: de-dupe identical config.bin files
  * rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin
  * linux-firmware: Update AMD SEV firmware
  * linux-firmware: update firmware for MT7996
  * Revert 'i915: Update MTL DMC v2.22'
  * ath12k: WCN7850 hw2.0: update board-2.bin
  * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
  * ath11k: WCN6855 hw2.0: update board-2.bin
  * ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3
  * ath11k: QCA2066 hw2.1: add board-2.bin
  * ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1
  * qcom: vpu: add video firmware for sa8775p
  * amdgpu: DMCUB updates for various AMDGPU ASICs

- Update to version 20240809 (git commit 36db650dae03):
  * qcom: update path for video firmware for vpu-1/2/3.0
  * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642
  * rtw89: 8852c: add fw format-1 v0.27.97.0
  * rtw89: 8852bt: add firmware 0.29.91.0
  * amdgpu: Update ISP FW for isp v4.1.1
  * mediatek: Update mt8195 SOF firmware
  * amdgpu: DMCUB updates for DCN314
  * xe: First GuC release v70.29.2 for BMG
  * xe: Add GuC v70.29.2 for LNL
  * i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL
  * i915: Update MTL DMC v2.22
  * i915: update MTL GSC to v102.0.10.1878
  * xe: Add BMG HuC 8.2.10
  * xe: Add GSC 104.0.0.1161 for LNL
  * xe: Add LNL HuC 9.4.13
  * i915: update DG2 HuC to v7.10.16
  * amdgpu: Update ISP FW for isp v4.1.1
  * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641


The following package changes have been done:

- kernel-firmware-amdgpu-20241128-slfo.1.1_1.1 updated
- kernel-firmware-ath10k-20241128-slfo.1.1_1.1 updated
- kernel-firmware-ath11k-20241128-slfo.1.1_1.1 updated
- kernel-firmware-ath12k-20241128-slfo.1.1_1.1 updated
- kernel-firmware-atheros-20241128-slfo.1.1_1.1 updated
- kernel-firmware-bluetooth-20241128-slfo.1.1_1.1 updated
- kernel-firmware-bnx2-20241128-slfo.1.1_1.1 updated
- kernel-firmware-brcm-20241128-slfo.1.1_1.1 updated
- kernel-firmware-chelsio-20241128-slfo.1.1_1.1 updated
- kernel-firmware-dpaa2-20241128-slfo.1.1_1.1 updated
- kernel-firmware-i915-20241128-slfo.1.1_1.1 updated
- kernel-firmware-intel-20241128-slfo.1.1_1.1 updated
- kernel-firmware-iwlwifi-20241128-slfo.1.1_1.1 updated
- kernel-firmware-liquidio-20241128-slfo.1.1_1.1 updated
- kernel-firmware-marvell-20241128-slfo.1.1_1.1 updated
- kernel-firmware-media-20241128-slfo.1.1_1.1 updated
- kernel-firmware-mediatek-20241128-slfo.1.1_1.1 updated
- kernel-firmware-mellanox-20241128-slfo.1.1_1.1 updated
- kernel-firmware-mwifiex-20241128-slfo.1.1_1.1 updated
- kernel-firmware-network-20241128-slfo.1.1_1.1 updated
- kernel-firmware-nfp-20241128-slfo.1.1_1.1 updated
- kernel-firmware-nvidia-20241128-slfo.1.1_1.1 updated
- kernel-firmware-platform-20241128-slfo.1.1_1.1 updated
- kernel-firmware-prestera-20241128-slfo.1.1_1.1 updated
- kernel-firmware-qcom-20241128-slfo.1.1_1.1 updated
- kernel-firmware-qlogic-20241128-slfo.1.1_1.1 updated
- kernel-firmware-radeon-20241128-slfo.1.1_1.1 updated
- kernel-firmware-realtek-20241128-slfo.1.1_1.1 updated
- kernel-firmware-serial-20241128-slfo.1.1_1.1 updated
- kernel-firmware-sound-20241128-slfo.1.1_1.1 updated
- kernel-firmware-ti-20241128-slfo.1.1_1.1 updated
- kernel-firmware-ueagle-20241128-slfo.1.1_1.1 updated
- kernel-firmware-usb-network-20241128-slfo.1.1_1.1 updated
- openssh-common-9.6p1-slfo.1.1_2.1 updated
- kernel-firmware-all-20241128-slfo.1.1_1.1 updated
- openssh-server-9.6p1-slfo.1.1_2.1 updated
- openssh-clients-9.6p1-slfo.1.1_2.1 updated
- openssh-9.6p1-slfo.1.1_2.1 updated


More information about the sle-container-updates mailing list