SUSE-CU-2025:4399-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Jun 18 07:16:50 UTC 2025
SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4399-1
Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.4 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.4.7.17.1 , suse/manager/5.0/x86_64/proxy-tftpd:latest
Container Release : 7.17.1
Severity : important
Type : security
References : 1227637 1230959 1231472 1231748 1232326 1234128 1234713 1234798
1236136 1236165 1236282 1236619 1236858 1236878 1239883 1240009
1240343 1240343 1240366 1240414 1240607 1241020 1241078 1241189
1242060 1243313 1243317 CVE-2024-12133 CVE-2024-13176 CVE-2025-0395
CVE-2025-24528 CVE-2025-27587 CVE-2025-29087 CVE-2025-29088 CVE-2025-31115
CVE-2025-3277 CVE-2025-47273 CVE-2025-4802
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528
This update for crypto-policies and krb5 fixes the following issues:
Security issue fixed:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
Feature addition:
- Add crypto-policies support; (jsc#PED-12018)
* The default krb5.conf has been updated to include config
snippets in the krb5.conf.d directory, where crypto-policies
drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
* This key derivation function is used by AES256-CTS-HMAC-SHA1-96
and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active
directory. If these encryption types are allowed or not in
FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:430-1
Released: Tue Feb 11 15:13:32 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1236136,CVE-2024-13176
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:508-1
Released: Thu Feb 13 12:29:31 2025
Summary: Recommended update for findutils
Type: recommended
Severity: moderate
References: 1231472
This update for findutils fixes the following issue:
- fix crash when file system loop was encountered (bsc#1231472).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:582-1
Released: Tue Feb 18 15:55:29 2025
Summary: Security update for glibc
Type: security
Severity: low
References: 1236282,CVE-2025-0395
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858
This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:969-1
Released: Thu Mar 20 14:28:47 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1227637,1236165
This update for crypto-policies fixes the following issues:
- Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637).
- tolerate fips dracut module presence w/o FIPS
* Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode
(bsc#1236165).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1130-1
Released: Thu Apr 3 15:08:55 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1234798,1240009,1240343
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.74 state of Mozilla SSL root CAs:
- Removed:
* SwissSign Silver CA - G2
- Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798):
- Removed:
* SecureSign RootCA11
* Security Communication RootCA3
- Added:
* TWCA CYBER Root CA
* TWCA Global Root CA G2
* SecureSign Root CA12
* SecureSign Root CA14
* SecureSign Root CA15
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1137-1
Released: Thu Apr 3 17:11:02 2025
Summary: Security update for xz
Type: security
Severity: important
References: 1240414,CVE-2025-31115
This update for xz fixes the following issues:
- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1198-1
Released: Fri Apr 11 09:46:09 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1234128,1234713,1239883
This update for glibc fixes the following issues:
- Fix the lost wakeup from a bug in signal stealing (bsc#1234128)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
on x86-32 and s390x (bsc#1234713)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1217-1
Released: Sun Apr 13 12:16:40 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1240343
This update for ca-certificates-mozilla fixes the following issues:
- Reenable the distrusted certs for now. as these only
distrust 'new issued' certs starting after a certain date,
while old certs should still work. (bsc#1240343)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1377-1
Released: Fri Apr 25 19:43:34 2025
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:
This update for patterns-base fixes the following issues:
- add bpftool to patterns enhanced base. jsc#PED-8375
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1394-1
Released: Mon Apr 28 16:15:21 2025
Summary: Recommended update for glibc
Type: recommended
Severity: important
References:
This update for glibc fixes the following issues:
- Add support for userspace livepatching for ppc64le (jsc#PED-11850)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1456-1
Released: Wed May 7 17:13:32 2025
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1550-1
Released: Fri May 16 02:16:11 2025
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1230959,1231748,1232326,1240366,1240607,CVE-2025-27587
This update for openssl-3 fixes the following issues:
Security:
- CVE-2025-27587: Timing side channel vulnerability in the P-384
implementation when used with ECDSA in the PPC architecture (bsc#1240366).
- Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).
FIPS:
- Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1702-1
Released: Sat May 24 11:50:53 2025
Summary: Security update for glibc
Type: security
Severity: important
References: 1243317,CVE-2025-4802
This update for glibc fixes the following issues:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1714-1
Released: Tue May 27 13:23:20 2025
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References:
This update for ncurses fixes the following issues:
- Backport sclp terminfo description entry if for s390 sclp terminal lines
- Add a further sclp entry for qemu s390 based systems
- Make use of dumb
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1733-1
Released: Wed May 28 17:59:52 2025
Summary: Recommended update for krb5
Type: recommended
Severity: moderate
References: 1242060
This update for krb5 fixes the following issue:
- Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1810-1
Released: Wed Jun 4 11:28:57 2025
Summary: Security update for python3-setuptools
Type: security
Severity: important
References: 1243313,CVE-2025-47273
This update for python3-setuptools fixes the following issues:
- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1863-1
Released: Tue Jun 10 14:33:20 2025
Summary: Recommended update for sles15-image
Type: recommended
Severity: moderate
References:
This update for sles15-image fixes the following issues:
- add support EOL date for SP6 general support
- fix use SOURCEURL_WITH for proper README url in all cases
- do check rpm signatures
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.9.2 updated
- glibc-2.38-150600.14.32.1 updated
- liblzma5-5.4.1-150600.3.3.1 updated
- libsqlite3-0-3.49.1-150000.3.27.1 updated
- libncurses6-6.1-150000.5.30.1 updated
- terminfo-base-6.1-150000.5.30.1 updated
- libopenssl3-3.1.4-150600.5.27.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.27.1 updated
- krb5-1.20.1-150600.11.11.2 updated
- patterns-base-fips-20200124-150600.32.6.1 updated
- findutils-4.8.0-150300.3.3.2 updated
- libtasn1-6-4.13-150000.4.11.1 updated
- libtasn1-4.13-150000.4.11.1 updated
- openssl-3-3.1.4-150600.5.27.1 updated
- ca-certificates-mozilla-2.74-150200.41.1 updated
- python3-setuptools-44.1.1-150400.9.12.1 updated
- container:sles15-image-15.6.0-47.21.1 updated
More information about the sle-container-updates
mailing list