SUSE-CU-2025:4396-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Jun 18 07:16:32 UTC 2025
SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4396-1
Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.4 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.4.7.19.1 , suse/manager/5.0/x86_64/proxy-salt-broker:latest
Container Release : 7.19.1
Severity : important
Type : security
References : 1189788 1216091 1216091 1220893 1220895 1220896 1222044 1225936
1225939 1225941 1225942 1227637 1228434 1229106 1229228 1230267
1230959 1231472 1231748 1232234 1232326 1232458 1233752 1234015
1234128 1234313 1234713 1234752 1234765 1234798 1235481 1235598
1235636 1235873 1236033 1236136 1236165 1236177 1236282 1236384
1236481 1236588 1236590 1236619 1236643 1236820 1236858 1236878
1236886 1236939 1236960 1236983 1237044 1237172 1237363 1237370
1237418 1237496 1237587 1237949 1238315 1239809 1239883 1239909
1240009 1240343 1240343 1240366 1240414 1240529 1240607 1240897
1241020 1241078 1241189 1241453 1241551 1241605 1241624 1242060
1242938 1243259 1243317 CVE-2024-10041 CVE-2024-12133 CVE-2024-13176
CVE-2024-56171 CVE-2025-0167 CVE-2025-0395 CVE-2025-0725 CVE-2025-24528
CVE-2025-24928 CVE-2025-2588 CVE-2025-27113 CVE-2025-27587 CVE-2025-29087
CVE-2025-29088 CVE-2025-31115 CVE-2025-32414 CVE-2025-32415 CVE-2025-3277
CVE-2025-3360 CVE-2025-4802
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:358-1
Released: Wed Feb 5 10:06:22 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1235873
This update for permissions fixes the following issues:
- Version update 20240826:
* permissions: remove legacy and nonsensical entries.
* permissions: remove traceroute entry.
* permissions: remove outdated sudo directories.
* permissions: remove legacy RPM directory entries.
* permissions: remove some static /var/spool/* dirs.
* permissions: remove unnecessary static dirs and devices (bsc#1235873).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:363-1
Released: Wed Feb 5 11:01:45 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1216091,1229106,1232458,1234752,1235636
This update for libzypp, zypper fixes the following issues:
- Create '.keep_packages' in the package cache dir to enforce keeping downloaded packages
of all repos cached there (bsc#1232458)
- Fix missing UID checks in repomanager workflow
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
- Fix 'zypper ps' when running in incus container. Should apply to lxc and lxd containers as well. (bsc#1229106)
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- lr: show the repositories keep-packages flag (bsc#1232458)
It is shown in the details view or by using -k,--keep-packages.
In addition libyzpp supports to enforce keeping downloaded
packages of all repos within a package cache by creating a
'.keep_packages' file there.
- Try to refresh update repos first to have updated GPG keys on
the fly (bsc#1234752)
An update repo may contain a prolonged GPG key for the GA repo.
Refreshing the update repo first updates a trusted key on the fly
and avoids a 'key has expired' warning being issued when
refreshing the GA repo.
- Refresh: Restore legacy behavior and suppress Exception
reporting as non-root (bsc#1235636)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released: Wed Feb 5 16:32:36 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528
This update for crypto-policies and krb5 fixes the following issues:
Security issue fixed:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
Feature addition:
- Add crypto-policies support; (jsc#PED-12018)
* The default krb5.conf has been updated to include config
snippets in the krb5.conf.d directory, where crypto-policies
drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
* This key derivation function is used by AES256-CTS-HMAC-SHA1-96
and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active
directory. If these encryption types are allowed or not in
FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:501-1
Released: Thu Feb 13 10:53:21 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1236960
This update for permissions fixes the following issues:
- Version update 20240826.
- Reintroduced nscd socket, this is a whitelisting for glibc (bsc#1236960).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472
This update for findutils fixes the following issue:
- fix crash when file system loop was encountered (bsc#1231472).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released: Fri Feb 14 08:26:30 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1229228,1233752,1234313,1234765
This update for systemd fixes the following issues:
- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765)
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858
This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:680-1
Released: Mon Feb 24 12:01:16 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983
This update for libzypp, zypper fixes the following issues:
- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:746-1
Released: Fri Feb 28 17:10:22 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
(bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:832-1
Released: Tue Mar 11 09:56:30 2025
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
* Improve historical data for Mexico, Mongolia, and Portugal
* System V names are now obsolescent
* The main data form now uses %z
* The code now conforms to RFC 8536 for early timestamps
* Support POSIX.1-2024, which removes asctime_r and ctime_r
* Assume POSIX.2-1992 or later for shell scripts
* SUPPORT_C89 now defaults to 1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:837-1
Released: Tue Mar 11 13:10:41 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1189788,1216091,1236481,1237044
This update for libzypp, zypper fixes the following issues:
- Disable zypp.conf:download.use_deltarpm by default
Measurements show that you don't benefit from using deltarpms
unless your network connection is very slow. That's why most
distributions even stop offering deltarpms. The default remains
unchanged on SUSE-15.6 and older.
- Make sure repo variables are evaluated in the right context
(bsc#1237044)
- Introducing MediaCurl2 a alternative HTTP backend.
This patch adds MediaCurl2 as a testbed for experimenting with a
more simple way to download files. Set ZYPP_CURL2=1 in the
environment to use it.
- Filesystem usrmerge must not be done in singletrans mode
(bsc#1236481, bsc#1189788)
- Commit will amend the backend in case the transaction would
perform a filesystem usrmerge.
- Workaround bsc#1216091 on Code16.
- Annonunce --root in commands not launching a Target
(bsc#1237044)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:915-1
Released: Wed Mar 19 08:04:05 2025
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942
This update for libgcrypt fixes the following issues:
- FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
- FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
- FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
- FIPS: Disallow rsa < 2048 [bsc#1225941]
* Mark RSA operations with keysize < 2048 as non-approved in the SLI
- FIPS: Service level indicator for libgcrypt [bsc#1225939]
- FIPS: Consider deprecate sha1 [bsc#1225942]
* In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will
transition at the end of 2030. Mark SHA1 as non-approved in SLI.
- FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
* cipher: Do not run RSA encryption selftest by default
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
for the whole length entropy buffer in FIPS mode. [bsc#1220893]
- FIPS: Set the FSM into error state if Jitter RNG is returning an
error code to the caller when an health test error occurs when
random bytes are requested through the jent_read_entropy_safe()
function. [bsc#1220895]
- FIPS: Replace the built-in jitter rng with standalone version
* Remove the internal jitterentropy copy [bsc#1220896]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:969-1
Released: Thu Mar 20 14:28:47 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1227637,1236165
This update for crypto-policies fixes the following issues:
- Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637).
- tolerate fips dracut module presence w/o FIPS
* Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode
(bsc#1236165).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1016-1
Released: Tue Mar 25 15:59:05 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1234015,1236643,1236886
This update for systemd fixes the following issues:
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- journald: close runtime journals before their parent directory removed
- journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
- Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643)
It is likely an oversight from when systemd-userdb was migrated from the
experimental package to the main one.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1130-1
Released: Thu Apr 3 15:08:55 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1234798,1240009,1240343
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.74 state of Mozilla SSL root CAs:
- Removed:
* SwissSign Silver CA - G2
- Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798):
- Removed:
* SecureSign RootCA11
* Security Communication RootCA3
- Added:
* TWCA CYBER Root CA
* TWCA Global Root CA G2
* SecureSign Root CA12
* SecureSign Root CA14
* SecureSign Root CA15
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1137-1
Released: Thu Apr 3 17:11:02 2025
Summary: Security update for xz
Type: security
Severity: important
References: 1240414,CVE-2025-31115
This update for xz fixes the following issues:
- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1198-1
Released: Fri Apr 11 09:46:09 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1234128,1234713,1239883
This update for glibc fixes the following issues:
- Fix the lost wakeup from a bug in signal stealing (bsc#1234128)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
on x86-32 and s390x (bsc#1234713)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1217-1
Released: Sun Apr 13 12:16:40 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1240343
This update for ca-certificates-mozilla fixes the following issues:
- Reenable the distrusted certs for now. as these only
distrust 'new issued' certs starting after a certain date,
while old certs should still work. (bsc#1240343)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1242-1
Released: Mon Apr 14 12:43:18 2025
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1235481,1236033
This update for aaa_base fixes the following issues:
- SP6 logrotate and rcsyslog binary (bsc#1236033)
- Update detection for systemd in rc.status
- Mountpoint for cgroup changed with cgroup2
- If a user switches the login shell respect the already set PATH
environment (bsc#1235481)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1291-1
Released: Wed Apr 16 09:41:51 2025
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Version update 2025b
* New zone for Aysen Region in Chile (America/Coyhaique) which
moves from -04/-03 to -03
- Refresh patches for philippines historical data and china tzdata
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1334-1
Released: Thu Apr 17 09:03:05 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,CVE-2024-10041
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1367-1
Released: Thu Apr 24 16:38:48 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1240897,CVE-2025-3360
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1376-1
Released: Fri Apr 25 18:11:02 2025
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1241605
This update for libgcrypt fixes the following issues:
- FIPS: Pad PKCS1.5 signatures with SHA3 correctly [bsc#1241605]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1377-1
Released: Fri Apr 25 19:43:34 2025
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:
This update for patterns-base fixes the following issues:
- add bpftool to patterns enhanced base. jsc#PED-8375
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1394-1
Released: Mon Apr 28 16:15:21 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References:
This update for glibc fixes the following issues:
- Add support for userspace livepatching for ppc64le (jsc#PED-11850)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1438-1
Released: Fri May 2 15:44:07 2025
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415
This update for libxml2 fixes the following issues:
- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1456-1
Released: Wed May 7 17:13:32 2025
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1527-1
Released: Fri May 9 17:21:39 2025
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: important
References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529
This update for libsolv, libzypp, zypper fixes the following issues:
- Support the apk package and repository format (both v2 and v3)
- New dataiterator_final_{repo,solvable} functions
- Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598)
- XmlReader: Fix detection of bad input streams
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a service may set
- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct default (false)
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- Fix computation of RepStatus if Repo URLs change
- Fix lost double slash when appending to an absolute FTP url (bsc#1238315)
- Add a transaction package preloader
- Strip a mediahandler tag from baseUrl querystrings
- Updated translations (bsc#1230267)
- Do not double encode URL strings passed on the commandline (bsc#1237587)
- info,search: add option to search and list Enhances (bsc#1237949)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1534-1
Released: Mon May 12 18:00:59 2025
Summary: Security update for augeas
Type: security
Severity: low
References: 1239909,CVE-2025-2588
This update for augeas fixes the following issues:
- CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1550-1
Released: Fri May 16 02:16:11 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1230959,1231748,1232326,1240366,1240607,CVE-2025-27587
This update for openssl-3 fixes the following issues:
Security:
- CVE-2025-27587: Timing side channel vulnerability in the P-384
implementation when used with ECDSA in the PPC architecture (bsc#1240366).
- Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).
FIPS:
- Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1702-1
Released: Sat May 24 11:50:53 2025
Summary: Security update for glibc
Type: security
Severity: important
References: 1243317,CVE-2025-4802
This update for glibc fixes the following issues:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1714-1
Released: Tue May 27 13:23:20 2025
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References:
This update for ncurses fixes the following issues:
- Backport sclp terminfo description entry if for s390 sclp terminal lines
- Add a further sclp entry for qemu s390 based systems
- Make use of dumb
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1733-1
Released: Wed May 28 17:59:52 2025
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1242060
This update for krb5 fixes the following issue:
- Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1739-1
Released: Thu May 29 11:40:51 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1236177,1237496,1242938,1243259
This update for systemd fixes the following issues:
- Add missing 'systemd-journal-remote' package
to 15-SP7 (bsc#1243259)
- umount: do not move busy network mounts (bsc#1236177)
- Apply coredump sysctl settings on systemd-coredump updates/removals.
- Fix the issue with journalctl not working
for users in Container UID range (bsc#1242938)
Don't write messages sent from users with UID falling into the container UID
range to the system journal. Daemons in the container don't talk to the
outside journald as they talk to the inner one directly, which does its
journal splitting based on shifted uids.
- man/pstore.conf: pstore.conf template is not always installed in /etc
- man: coredump.conf template is not always installed in /etc (bsc#1237496)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1800-1
Released: Mon Jun 2 20:53:40 2025
Summary: Recommended update for python-pyzmq
Type: recommended
Severity: moderate
References: 1241624
This update for python-pyzmq fixes the following issues:
- Prevent open files leak by closing sockets on timeout (bsc#1241624)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1863-1
Released: Tue Jun 10 14:33:20 2025
Summary: Recommended update for sles15-image
Type: recommended
Severity: moderate
References:
This update for sles15-image fixes the following issues:
- add support EOL date for SP6 general support
- fix use SOURCEURL_WITH for proper README url in all cases
- do check rpm signatures
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.9.2 updated
- glibc-2.38-150600.14.32.1 updated
- liblzma5-5.4.1-150600.3.3.1 updated
- libfa1-1.14.1-150600.3.3.1 updated
- libxml2-2-2.10.3-150500.5.26.1 updated
- libsqlite3-0-3.49.1-150000.3.27.1 updated
- libncurses6-6.1-150000.5.30.1 updated
- terminfo-base-6.1-150000.5.30.1 updated
- ncurses-utils-6.1-150000.5.30.1 updated
- libglib-2_0-0-2.78.6-150600.4.11.1 updated
- libaugeas0-1.14.1-150600.3.3.1 updated
- libudev1-254.24-150600.4.33.1 updated
- libopenssl3-3.1.4-150600.5.27.1 updated
- libgcrypt20-1.10.3-150600.3.6.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.27.1 updated
- krb5-1.20.1-150600.11.11.2 updated
- patterns-base-fips-20200124-150600.32.6.1 updated
- findutils-4.8.0-150300.3.3.2 updated
- libcurl4-8.6.0-150600.4.21.1 updated
- permissions-20240826-150600.10.18.2 updated
- pam-1.3.0-150000.6.76.1 updated
- libsolv-tools-base-0.7.32-150600.8.10.1 updated
- libzypp-17.36.7-150600.3.53.1 updated
- zypper-1.14.89-150600.10.31.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated
- libtasn1-6-4.13-150000.4.11.1 updated
- libtasn1-4.13-150000.4.11.1 updated
- curl-8.6.0-150600.4.21.1 updated
- timezone-2025b-150600.91.6.2 updated
- openssl-3-3.1.4-150600.5.27.1 updated
- ca-certificates-mozilla-2.74-150200.41.1 updated
- python3-pyzmq-17.1.2-150000.3.8.1 updated
- container:sles15-image-15.6.0-47.21.1 updated
More information about the sle-container-updates
mailing list