SUSE-CU-2025:4400-1: Security update of suse/manager/5.0/x86_64/server-attestation

sle-container-updates at lists.suse.com
Wed Jun 18 07:16:55 UTC 2025


SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4400-1
Container Tags        : suse/manager/5.0/x86_64/server-attestation:5.0.4 , suse/manager/5.0/x86_64/server-attestation:5.0.4.6.17.1 , suse/manager/5.0/x86_64/server-attestation:latest
Container Release     : 6.17.1
Severity              : important
Type                  : security
References            : 1175825 1230959 1231748 1232326 1240366 1240607 1240897 1241020
                        1241078 1241189 1241274 1241275 1241276 1243317 CVE-2020-8927
                        CVE-2025-21587 CVE-2025-27587 CVE-2025-29087 CVE-2025-29088 CVE-2025-30691
                        CVE-2025-30698 CVE-2025-3277 CVE-2025-3360 CVE-2025-4802 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3942-1
Released:    Mon Dec  6 14:46:05 2021
Summary:     Security update for brotli
Type:        security
Severity:    moderate
References:  1175825,CVE-2020-8927
This update for brotli fixes the following issues:

- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1367-1
Released:    Thu Apr 24 16:38:48 2025
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1240897,CVE-2025-3360
This update for glib2 fixes the following issues:

- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long 
  and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)

-----------------------------------------------------------------
Advisory ID: 38402
Released:    Fri Apr 25 11:05:30 2025
Summary:     Recommended update for freetype2
Type:        recommended
Severity:    important
References:  
This update for freetype2 fixes the following issue:

- enable brotli support (jsc#PED-12258)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1377-1
Released:    Fri Apr 25 19:43:34 2025
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  
This update for patterns-base fixes the following issues:

- add bpftool to patterns enhanced base. jsc#PED-8375

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1394-1
Released:    Mon Apr 28 16:15:21 2025
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  
This update for glibc fixes the following issues:

- Add support for userspace livepatching for ppc64le (jsc#PED-11850)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1456-1
Released:    Wed May  7 17:13:32 2025
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277
This update for sqlite3 fixes the following issues:

- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)

Other fixes:

- Updated to version 3.49.1 from Factory (jsc#SLE-16032)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1550-1
Released:    Fri May 16 02:16:11 2025
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1230959,1231748,1232326,1240366,1240607,CVE-2025-27587
This update for openssl-3 fixes the following issues:

Security:
  
- CVE-2025-27587: Timing side channel vulnerability in the P-384
  implementation when used with ECDSA in the PPC architecture (bsc#1240366).
- Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).
  
FIPS:
    
- Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1702-1
Released:    Sat May 24 11:50:53 2025
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1243317,CVE-2025-4802
This update for glibc fixes the following issues:

- CVE-2025-4802: Possible execution of attacker-controlled code when statically linked setuid binaries
  that use dlopen search LD_LIBRARY_PATH for libraries to load (bsc#1243317).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1714-1
Released:    Tue May 27 13:23:20 2025
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  
This update for ncurses fixes the following issues:

- Backport sclp terminfo description entry for s390 sclp terminal lines
- Add a further sclp entry for qemu s390 based systems
- Make use of dumb

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1863-1
Released:    Tue Jun 10 14:33:20 2025
Summary:     Recommended update for sles15-image
Type:        recommended
Severity:    moderate
References:  
This update for sles15-image fixes the following issues:

- add support EOL date for SP6 general support
- fix use SOURCEURL_WITH for proper README url in all cases
- do check rpm signatures

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1487-1
Released:    Mon Jun 16 14:00:35 2025
Summary:     Security update for java-11-openjdk
Type:        security
Severity:    important
References:  1241274,1241275,1241276,CVE-2025-21587,CVE-2025-30691,CVE-2025-30698
This update for java-11-openjdk fixes the following issues:

Upgrade to upstream tag jdk-11.0.27+6 (April 2025 CPU)

CVEs:

+ CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274)
+ CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275)
+ CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276)

Changes:

    + JDK-8195675: Call to insertText with single character
      from custom Input Method ignored
    + JDK-8202926: Test java/awt/Focus/
      /WindowUpdateFocusabilityTest/
      /WindowUpdateFocusabilityTest.html fails
    + JDK-8216539: tools/jar/modularJar/Basic.java timed out
    + JDK-8268364: jmethod clearing should be done during
      unloading
    + JDK-8273914: Indy string concat changes order of
      operations
    + JDK-8294316: SA core file support is broken on macosx-x64
      starting with macOS 12.x
    + JDK-8306408: Fix the format of several tables in
      building.md
    + JDK-8309841: Jarsigner should print a warning if an entry
      is removed
    + JDK-8312049: runtime/logging/ClassLoadUnloadTest can be
      improved
    + JDK-8320916: jdk/jfr/event/gc/stacktrace/
      /TestParallelMarkSweepAllocationPendingStackTrace.java failed
      with 'OutOfMemoryError: GC overhead limit exceeded'
    + JDK-8327650: Test java/nio/channels/DatagramChannel/
      /StressNativeSignal.java timed out
    + JDK-8328242: Add a log area to the PassFailJFrame
    + JDK-8331863: DUIterator_Fast used before it is constructed
    + JDK-8336012: Fix usages of jtreg-reserved properties
    + JDK-8337494: Clarify JarInputStream behavior
    + JDK-8337692: Better TLS connection support
    + JDK-8338430: Improve compiler transformations
    + JDK-8339560: Unaddressed comments during code review of
      JDK-8337664
    + JDK-8339810: Clean up the code in sun.tools.jar.Main to
      properly close resources and use ZipFile during extract
    + JDK-8339931: Update problem list for
      WindowUpdateFocusabilityTest.java
    + JDK-8340387: Update OS detection code to recognize
      Windows Server 2025
    + JDK-8341424: GHA: Collect hs_errs from build time failures
    + JDK-8342562: Enhance Deflater operations
    + JDK-8342704: GHA: Report truncation is broken after
      JDK-8341424
    + JDK-8343007: Enhance Buffered Image handling
    + JDK-8343474: [updates] Customize README.md to specifics
      of update project
    + JDK-8343599: Kmem limit and max values swapped when
      printing container information
    + JDK-8343786: [11u] GHA: Bump macOS and Xcode versions to
      macos-13 and XCode 14.3.1
    + JDK-8344589: Update IANA Language Subtag Registry to
      Version 2024-11-19
    + JDK-8345509: Bump update version of OpenJDK: 11.0.27
    + JDK-8346587: Distrust TLS server certificates anchored by
      Camerfirma Root CAs
    + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no
      license header
    + JDK-8347847: Enhance jar file support
    + JDK-8347965: (tz) Update Timezone Data to 2025a
    + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25
      updates
    + JDK-8352097: (tz) zone.tab update missed in 2025a backport
    + JDK-8354087: [11u] Remove designator
      DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.27


The following package changes have been done:

- glibc-2.38-150600.14.32.1 updated
- libbrotlicommon1-1.0.7-3.3.1 added
- libbrotlidec1-1.0.7-3.3.1 added
- libsqlite3-0-3.49.1-150000.3.27.1 updated
- libncurses6-6.1-150000.5.30.1 updated
- terminfo-base-6.1-150000.5.30.1 updated
- libglib-2_0-0-2.78.6-150600.4.11.1 updated
- libopenssl3-3.1.4-150600.5.27.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.27.1 updated
- patterns-base-fips-20200124-150600.32.6.1 updated
- openssl-3-3.1.4-150600.5.27.1 updated
- libfreetype6-2.10.4-150000.4.22.1 updated
- java-11-openjdk-headless-11.0.27.0-150000.3.125.1 updated
- container:sles15-image-15.6.0-47.21.1 updated

