SUSE-IU-2025:1784-1: Recommended update of suse/sl-micro/6.1/base-os-container
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Jul 10 07:15:29 UTC 2025
SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1784-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.6 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 5.6
Severity : important
Type : recommended
References : 1222972 1223356 1223454 1227417 1227419 1227575 1229716 1230368
1230779 1232057 1233332 1233673 1243486 1244710 1245220 1245452
1245496 1245672 CVE-2024-0090 CVE-2024-0091 CVE-2024-0092
-----------------------------------------------------------------
The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 174
Released: Wed Jul 9 11:05:32 2025
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: important
References: 1222972,1223356,1223454,1227417,1227419,1227575,1229716,1230368,1230779,1232057,1233332,1233673,1243486,1244710,1245220,1245452,1245496,1245672,CVE-2024-0090,CVE-2024-0091,CVE-2024-0092
This update for libsolv, libzypp, zypper fixes the following issues:
libsolv was updated to 0.7.34:
- add support for product-obsoletes() provides in the product
autopackage generation code
libzypp was updated to 17.37.10:
- BuildRequires: %{libsolv_devel_package} >= 0.7.34 (bsc#1243486)
Newer rpm versions no longer allow a ':' in rpm package names or
obsoletes. So injecting an
'Obsoletes: product:oldproductname < oldproductversion'
into the -release package to indicate a product rename is no longer
possible.
Since libsolv-0.7.34 you can and should use:
'Provides: product-obsoletes(oldproductname) < oldproductversion'
in the -release package. libsolv will then inject the appropriate
Obsoletes into the Product.
- Ignore DeltaRpm download errors (bsc#1245672)
DeltaRpms are in fact optional resources. In case of a failure
the full rpm is downloaded.
- Improve fix for incorrect filesize handling (bsc#1245220)
- Do not trigger download data exceeded errors on HTTP non data
responses (bsc#1245220)
In some cases a HTTP 401 or 407 did trigger a 'filesize exceeded'
error, because the response payload size was compared against the
expected filesize. This patch adds some checks if the response
code is in the success range and only then takes expected
filesize into account. Otherwise the response content-length is
used or a fallback of 2Mb if no content-length is known.
- Fix SEGV in MediaDISK handler (bsc#1245452)
- Explicitly selecting DownloadAsNeeded also selects the
classic_rpmtrans backend.
DownloadAsNeeded can not be combined with the rpm singletrans
installer backend because a rpm transaction requires all package
headers to be available the the beginning of the transaction. So
explicitly selecting this mode also turns on the classic_rpmtrans
backend.
- Fix evaluation of libproxy results (bsc#1244710)
zypper was updated to 1.14.92:
- sh: Reset solver options after command (bsc#1245496)
- Explicitly selecting DownloadAsNeeded also selects the
classic_rpmtrans backend.
The following package changes have been done:
- libsolv-tools-base-0.7.34-slfo.1.1_1.1 updated
- libzypp-17.37.10-slfo.1.1_1.1 updated
- zypper-1.14.92-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-4.50 updated
More information about the sle-container-updates
mailing list