SUSE-CU-2025:4402-1: Security update of suse/manager/5.0/x86_64/server

sle-container-updates at lists.suse.com
Wed Jun 18 07:17:11 UTC 2025


SUSE Container Update Advisory: suse/manager/5.0/x86_64/server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4402-1
Container Tags        : suse/manager/5.0/x86_64/server:5.0.4 , suse/manager/5.0/x86_64/server:5.0.4.7.24.1 , suse/manager/5.0/x86_64/server:latest
Container Release     : 7.24.1
Severity              : important
Type                  : security
References            : 1222044 1230267 1230959 1231748 1232326 1234210 1235598 1235958
                        1235971 1236177 1236516 1236826 1237172 1237230 1237496 1237587
                        1237949 1238315 1238686 1239651 1239671 1239809 1239909 1240366
                        1240529 1240607 1241012 1241624 1242060 1242300 1242842 1242931
                        1242931 1242938 1242971 1243259 1243313 1243317 1243793 CVE-2023-45288
                        CVE-2025-22870 CVE-2025-2588 CVE-2025-27587 CVE-2025-32728 CVE-2025-4207
                        CVE-2025-4207 CVE-2025-4382 CVE-2025-47268 CVE-2025-47273 CVE-2025-4802
                        CVE-2025-48734 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1527-1
Released:    Fri May  9 17:21:39 2025
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    important
References:  1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529
This update for libsolv, libzypp, zypper fixes the following issues:

- Support the apk package and repository format (both v2 and v3)
- New dataiterator_final_{repo,solvable} functions
- Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598)
- XmlReader: Fix detection of bad input streams
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a service may set
- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct default (false)
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- Fix computation of RepStatus if Repo URLs change
- Fix lost double slash when appending to an absolute FTP url (bsc#1238315)
- Add a transaction package preloader
- Strip a mediahandler tag from baseUrl querystrings
- Updated translations (bsc#1230267)
- Do not double encode URL strings passed on the commandline (bsc#1237587)
- info,search: add option to search and list Enhances (bsc#1237949)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1534-1
Released:    Mon May 12 18:00:59 2025
Summary:     Security update for augeas
Type:        security
Severity:    low
References:  1239909,CVE-2025-2588
This update for augeas fixes the following issues:

- CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1538-1
Released:    Tue May 13 07:39:45 2025
Summary:     Recommended update for samba
Type:        recommended
Severity:    important
References:  1234210
This update for samba fixes the following issues:

- Fix Samba printers reporting invalid sid during print jobs
  (bsc#1234210).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1550-1
Released:    Fri May 16 02:16:11 2025
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1230959,1231748,1232326,1240366,1240607,CVE-2025-27587
This update for openssl-3 fixes the following issues:

Security:
  
- CVE-2025-27587: Timing side channel vulnerability in the P-384
  implementation when used with ECDSA in the PPC architecture (bsc#1240366).
- Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).
  
FIPS:
    
- Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1606-1
Released:    Tue May 20 15:53:14 2025
Summary:     Recommended update for librdkafka
Type:        recommended
Severity:    moderate
References:  1242842
This update for librdkafka fixes the following issues:

- Avoid endless loops under certain circumstances (bsc#1242842)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1615-1
Released:    Wed May 21 11:53:06 2025
Summary:     Security update for grub2
Type:        security
Severity:    moderate
References:  1235958,1235971,1239651,1242971,CVE-2025-4382

This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z.

Note: the signing keys for the x86 / x86_64 and aarch64 architectures are unchanged.

Also, the following issues were fixed:

- CVE-2025-4382: TPM auto-decryption data exposure (bsc#1242971)
- Fix segmentation fault error in grub2-probe with target=hints_string (bsc#1235971) (bsc#1235958) (bsc#1239651)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1638-1
Released:    Wed May 21 12:48:35 2025
Summary:     Security update for openssh
Type:        security
Severity:    moderate
References:  1236826,1239671,1241012,CVE-2025-32728
This update for openssh fixes the following issues:

Security fixes:

- CVE-2025-32728: Fixed logic error in DisableForwarding option (bsc#1241012)

Other fixes:

- Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2
  due to gssapi proposal not being correctly initialized (bsc#1236826).
  The problem was introduced in the rebase of the patch for 9.6p1
- Enable --with-logind to call the SetTTY dbus method in systemd.
  This allows 'wall' to print messages in ssh ttys (bsc#1239671)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1644-1
Released:    Wed May 21 16:35:14 2025
Summary:     Security update for postgresql17
Type:        security
Severity:    moderate
References:  1242931,CVE-2025-4207
This update for postgresql17 fixes the following issues:

Upgrade to 17.5:

 - CVE-2025-4207: Fixed an issue where PostgreSQL GB18030 encoding validation can read one byte past the end of an allocation for text that fails validation (bsc#1242931)

Changelog:

https://www.postgresql.org/docs/release/17.5/

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1648-1
Released:    Wed May 21 22:43:46 2025
Summary:     Recommended update for kbd
Type:        recommended
Severity:    moderate
References:  1237230
This update for kbd fixes the following issues:

- Don't search for resources in the current directory. It can cause
  unwanted side effects or even infinite loop (bsc#1237230).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1702-1
Released:    Sat May 24 11:50:53 2025
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1243317,CVE-2025-4802
This update for glibc fixes the following issues:

- CVE-2025-4802: possible execution of attacker-controlled code when statically linked setuid binaries that use dlopen
  search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1714-1
Released:    Tue May 27 13:23:20 2025
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  
This update for ncurses fixes the following issues:

- Backport sclp terminfo description entry for s390 sclp terminal lines
- Add a further sclp entry for qemu s390 based systems
- Make use of dumb

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1721-1
Released:    Tue May 27 17:59:31 2025
Summary:     Recommended update for hwdata
Type:        recommended
Severity:    moderate
References:  
This update for hwdata fixes the following issue:

- Version update 0.394:
  * Update pci, usb and vendor ids
  * Fix usb.ids encoding and a couple of typos
  * Fix configure to honor --prefix

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1733-1
Released:    Wed May 28 17:59:52 2025
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1242060
This update for krb5 fixes the following issue:

- Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1739-1
Released:    Thu May 29 11:40:51 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1236177,1237496,1242938,1243259
This update for systemd fixes the following issues:

- Add missing 'systemd-journal-remote' package
  to 15-SP7 (bsc#1243259)
- umount: do not move busy network mounts (bsc#1236177)
- Apply coredump sysctl settings on systemd-coredump updates/removals.
- Fix the issue with journalctl not working
  for users in Container UID range (bsc#1242938)
  Don't write messages sent from users with UID falling into the container UID
  range to the system journal. Daemons in the container don't talk to the
  outside journald as they talk to the inner one directly, which does its
  journal splitting based on shifted uids.
- man/pstore.conf: pstore.conf template is not always installed in /etc
- man: coredump.conf template is not always installed in /etc (bsc#1237496)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1766-1
Released:    Fri May 30 09:45:37 2025
Summary:     Security update for postgresql16
Type:        security
Severity:    moderate
References:  1242931,CVE-2025-4207
This update for postgresql16 fixes the following issues:

Upgrade to 16.9:

 - CVE-2025-4207: Fixed an issue where PostgreSQL GB18030 encoding validation can read one byte past the end of an allocation for text that fails validation (bsc#1242931)

Changelog:

https://www.postgresql.org/docs/release/16.9/

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1776-1
Released:    Fri May 30 15:02:52 2025
Summary:     Security update for iputils
Type:        security
Severity:    moderate
References:  1242300,CVE-2025-47268
This update for iputils fixes the following issues:

- CVE-2025-47268: Fixed integer overflow in RTT calculation that can lead to undefined behavior (bsc#1242300)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:1793-1
Released:    Mon Jun  2 10:01:39 2025
Summary:     Optional update for java modules
Type:        optional
Severity:    low
References:  
This update for java modules and related fixes the following issue:

- Rebuild for consistency across products, no source changes:
- Packages being rebuilt:
    apiguardian
    assertj-core
    byte-buddy
    dom4j
    hamcrest
    jaxen
    jdom
    jopt-simple
    junit
    junit5
    objectweb-asm
    open-test-reporting
    saxpath
    xom
    fasterxml-oss-parent

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1800-1
Released:    Mon Jun  2 20:53:40 2025
Summary:     Recommended update for python-pyzmq
Type:        recommended
Severity:    moderate
References:  1241624
This update for python-pyzmq fixes the following issues:

- Prevent open files leak by closing sockets on timeout (bsc#1241624)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1810-1
Released:    Wed Jun  4 11:28:57 2025
Summary:     Security update for python3-setuptools
Type:        security
Severity:    important
References:  1243313,CVE-2025-47273
This update for python3-setuptools fixes the following issues:

- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1815-1
Released:    Wed Jun  4 19:01:24 2025
Summary:     Security update for apache-commons-beanutils
Type:        security
Severity:    important
References:  1243793,CVE-2025-48734
This update for apache-commons-beanutils fixes the following issues:

Update to 1.11.0

- CVE-2025-48734: Fixed possible arbitrary code execution vulnerability (bsc#1243793)

Full changelog:

https://commons.apache.org/proper/commons-beanutils/changes.html#a1.11.0

-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2025-1986
Released:    Wed Jun 18 04:08:38 2025
Summary:     Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server
Type:        recommended
Severity:    moderate
References:  
Maintenance update for Multi-Linux Manager 5.0: Server, Proxy and Retail Branch Server

This is a codestream only update

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1988-1
Released:    Wed Jun 18 04:10:06 2025
Summary:     Security update for golang-github-prometheus-node_exporter
Type:        security
Severity:    moderate
References:  1236516,1238686,CVE-2023-45288,CVE-2025-22870
This update for golang-github-prometheus-node_exporter fixes the following issues:

golang-github-prometheus-node_exporter was updated to version 1.9.1:

- Security issues fixed:
  * CVE-2025-22870: Bumped golang.org/x/net to version 0.37.0 (bsc#1238686)
    
- Other bugs fixed:
  * pressure: Fixed missing IRQ on older kernels
  * Fix Darwin memory leak


The following package changes have been done:

- glibc-2.38-150600.14.32.1 updated
- libfa1-1.14.1-150600.3.3.1 updated
- libncurses6-6.1-150000.5.30.1 updated
- terminfo-base-6.1-150000.5.30.1 updated
- ncurses-utils-6.1-150000.5.30.1 updated
- libaugeas0-1.14.1-150600.3.3.1 updated
- iputils-20221126-150500.3.11.1 updated
- libopenssl3-3.1.4-150600.5.27.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.27.1 updated
- krb5-1.20.1-150600.11.11.2 updated
- libsolv-tools-base-0.7.32-150600.8.10.1 updated
- libzypp-17.36.7-150600.3.53.1 updated
- zypper-1.14.89-150600.10.31.1 updated
- openssl-3-3.1.4-150600.5.27.1 updated
- kbd-legacy-2.4.0-150400.5.9.1 updated
- kbd-2.4.0-150400.5.9.1 updated
- libsystemd0-254.24-150600.4.33.1 updated
- systemd-254.24-150600.4.33.1 updated
- libudev1-254.24-150600.4.33.1 updated
- glibc-locale-base-2.38-150600.14.32.1 updated
- libpq5-17.5-150600.13.13.1 updated
- librdkafka1-0.11.6-150600.16.3.1 updated
- libsolv-tools-0.7.32-150600.8.10.1 updated
- openssh-common-9.6p1-150600.6.26.1 updated
- release-notes-susemanager-5.0.4.1-150600.11.34.1 updated
- glibc-locale-2.38-150600.14.32.1 updated
- postgresql16-16.9-150600.16.18.1 updated
- glibc-devel-2.38-150600.14.32.1 updated
- openssh-fips-9.6p1-150600.6.26.1 updated
- spacewalk-java-lib-5.0.25-150600.3.28.4 updated
- golang-github-prometheus-node_exporter-1.9.1-150100.3.35.2 updated
- hwdata-0.394-150000.3.77.2 updated
- openssh-server-9.6p1-150600.6.26.1 updated
- openssh-clients-9.6p1-150600.6.26.1 updated
- python3-solv-0.7.32-150600.8.10.1 updated
- postgresql16-server-16.9-150600.16.18.1 updated
- susemanager-sync-data-5.0.12-150600.3.19.1 updated
- openssh-9.6p1-150600.6.26.1 updated
- grub2-2.12-150600.8.27.1 updated
- grub2-i386-pc-2.12-150600.8.27.1 updated
- postgresql16-contrib-16.9-150600.16.18.1 updated
- samba-client-libs-4.19.8+git.422.34307c5a3aa-150600.3.15.1 updated
- grub2-x86_64-efi-2.12-150600.8.27.1 updated
- grub2-powerpc-ieee1275-2.12-150600.8.27.1 updated
- grub2-arm64-efi-2.12-150600.8.27.1 updated
- python3-setuptools-44.1.1-150400.9.12.1 updated
- python3-pyzmq-17.1.2-150000.3.8.1 updated
- jdom-1.1.3-150200.12.10.1 updated
- dom4j-2.1.4-150200.12.12.1 updated
- spacewalk-base-minimal-5.0.19-150600.3.21.4 updated
- objectweb-asm-9.7-150200.3.17.1 updated
- spacewalk-base-minimal-config-5.0.19-150600.3.21.4 updated
- apache-commons-beanutils-1.11.0-150200.3.9.1 updated
- spacewalk-base-5.0.19-150600.3.21.4 updated
- spacewalk-java-postgresql-5.0.25-150600.3.28.4 updated
- spacewalk-java-config-5.0.25-150600.3.28.4 updated
- spacewalk-html-5.0.19-150600.3.21.4 updated
- spacewalk-taskomatic-5.0.25-150600.3.28.4 updated
- spacewalk-java-5.0.25-150600.3.28.4 updated
- container:suse-manager-5.0-init-5.0.4-5.0.4-7.15.5 updated

