SUSE-IU-2025:1739-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Jul 2 07:04:14 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1739-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.46 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 6.46
Severity          : important
Type              : security
References        : 1236931 1239119 1243389 1244079 1244509 CVE-2025-30258 CVE-2025-40909
                        CVE-2025-6020 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 361
Released:    Thu Jun 19 10:49:31 2025
Summary:     Security update for pam
Type:        security
Severity:    important
References:  1244509,CVE-2025-6020
This update for pam fixes the following issues:

- CVE-2025-6020: pam_namespace: convert functions that may operate
  on a user-controlled path to operate on file descriptors instead of
  absolute path. And keep the bind-mount protection from protect_mount()
  as a defense in depthmeasure. (bsc#1244509)

-----------------------------------------------------------------
Advisory ID: 367
Released:    Tue Jun 24 10:39:31 2025
Summary:     Recommended update for selinux-policy
Type:        recommended
Severity:    moderate
References:  1243389
This update for selinux-policy fixes the following issues:

Update to version 20230523+git27.6fee49569:

* qemu-guest-agent: fix denial for guest-get-fsinfo (bsc#1243389)


-----------------------------------------------------------------
Advisory ID: 370
Released:    Mon Jun 30 10:20:23 2025
Summary:     Security update for gpg2
Type:        security
Severity:    moderate
References:  1236931,1239119,CVE-2025-30258
This update for gpg2 fixes the following issues:

* Fix regression for the recent malicious subkey DoS fix in CVE-2025-30258. [bsc#1236931, bsc#1239119, CVE-2025-30258]

-----------------------------------------------------------------
Advisory ID: 372
Released:    Tue Jul  1 13:42:56 2025
Summary:     Security update for perl
Type:        security
Severity:    moderate
References:  1244079,CVE-2025-40909
This update for perl fixes the following issues:

- CVE-2025-40909: Fixed a working directory race condition causing 
  file operations to target unintended paths (bsc#1244079)


The following package changes have been done:

- perl-base-5.38.2-4.1 updated
- pam-1.6.0-5.1 updated
- SL-Micro-release-6.0-25.32 updated
- gpg2-2.4.4-4.1 updated
- perl-5.38.2-4.1 updated
- selinux-policy-20230523+git27.6fee49569-1.1 updated
- selinux-policy-targeted-20230523+git27.6fee49569-1.1 updated
- container:SL-Micro-base-container-2.1.3-7.14 updated

More information about the sle-container-updates mailing list