SUSE-CU-2025:4895-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Jul 5 07:24:13 UTC 2025 

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4895-1
Container Tags        : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.67 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release     : 17.8.67
Severity              : important
Type                  : security
References            : 1228776 1239602 1242844 1244596 1245309 1245310 1245311 1245314
                        CVE-2024-41965 CVE-2025-29768 CVE-2025-4373 CVE-2025-4877 CVE-2025-4878
                        CVE-2025-5318 CVE-2025-5372 CVE-2025-6052 
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2167-1
Released:    Mon Jun 30 09:14:40 2025
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1242844,1244596,CVE-2025-4373,CVE-2025-6052
This update for glib2 fixes the following issues:

- CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596).
- CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2226-1
Released:    Fri Jul  4 15:31:04 2025
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1228776,1239602,CVE-2024-41965,CVE-2025-29768
This update for vim fixes the following issues:

- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2229-1
Released:    Fri Jul  4 18:02:30 2025
Summary:     Security update for libssh
Type:        security
Severity:    important
References:  1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372
This update for libssh fixes the following issues:

- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314).


The following package changes have been done:

- glib2-tools-2.78.6-150600.4.16.1 updated
- libgio-2_0-0-2.78.6-150600.4.16.1 updated
- libglib-2_0-0-2.78.6-150600.4.16.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.16.1 updated
- libgobject-2_0-0-2.78.6-150600.4.16.1 updated
- libssh-config-0.9.8-150600.11.3.1 updated
- libssh4-0.9.8-150600.11.3.1 updated
- vim-data-common-9.1.1406-150500.20.27.1 updated
- vim-small-9.1.1406-150500.20.27.1 updated

More information about the sle-container-updates mailing list