SUSE-CU-2025:4403-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16

sle-container-updates at lists.suse.com
Wed Jun 18 07:17:17 UTC 2025


SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4403-1
Container Tags        : suse/manager/5.0/x86_64/server-migration-14-16:5.0.4 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.4.7.17.1 , suse/manager/5.0/x86_64/server-migration-14-16:latest
Container Release     : 7.17.1
Severity              : important
Type                  : security
References            : 1230959 1231748 1232234 1232326 1236177 1237496 1239618 1240366
                        1240607 1241453 1241551 1241605 1242060 1242931 1242938 1243259
                        1243317 CVE-2024-10041 CVE-2024-8176 CVE-2025-27587 CVE-2025-32414
                        CVE-2025-32415 CVE-2025-4207 CVE-2025-4802
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1201-1
Released:    Fri Apr 11 12:15:58 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1239618,CVE-2024-8176
This update for expat fixes the following issues:

- CVE-2024-8176: Fixed a denial of service caused by a stack overflow when a large
  number of entities are chained, by removing the use of recursion (bsc#1239618)

Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
     Bug fixes:
       #980 #989  Restore event pointer behavior from Expat 2.6.4
                    (that the fix to CVE-2024-8176 changed in 2.7.0);
                    affected API functions are:
                    - XML_GetCurrentByteCount
                    - XML_GetCurrentByteIndex
                    - XML_GetCurrentColumnNumber
                    - XML_GetCurrentLineNumber
                    - XML_GetInputContext
     Other changes:
       #976 #977  Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
                    with Automake that were missing from 2.7.0 release tarballs
       #983 #984  Fix printf format specifiers for 32bit Emscripten
            #992  docs: Promote OpenSSF Best Practices self-certification
            #978  tests/benchmark: Resolve mistaken double close
            #986  Address compiler warnings
       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
                    for what these numbers do
        Infrastructure:
            #982  CI: Start running Perl XML::Parser integration tests
            #987  CI: Enforce Clang Static Analyzer clean code
            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized
                    for clang-tidy
            #981  CI: Cover compilation with musl
       #983 #984  CI: Cover compilation with 32bit Emscripten
       #976 #977  CI: Protect against fuzzer files missing from future
                    release archives

- version update to 2.7.0
       #935 #937  Autotools: Make generated CMake files look for
                    libexpat.@SO_MAJOR@.dylib on macOS
            #925  Autotools: Sync CMake templates with CMake 3.29
  #945 #962 #966  CMake: Drop support for CMake <3.13
            #942  CMake: Small fuzzing related improvements
            #921  docs: Add missing documentation of error code
                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
            #941  docs: Document need for C++11 compiler for use from C++
            #959  tests/benchmark: Fix a (harmless) TOCTTOU
            #944  Windows: Fix installer target location of file xmlwf.xml
                    for CMake
            #953  Windows: Address warning -Wunknown-warning-option
                    about -Wno-pedantic-ms-format from LLVM MinGW
            #971  Address Cppcheck warnings
       #969 #970  Mass-migrate links from http:// to https://
    #947 #958 ..
       #974 #975  Document changes since the previous release
       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
                    for what these numbers do

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1291-1
Released:    Wed Apr 16 09:41:51 2025
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  
This update for timezone fixes the following issues:

- Version update 2025b
  * New zone for Aysen Region in Chile (America/Coyhaique) which
    moves from -04/-03 to -03
- Refresh patches for Philippines historical data and China tzdata

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1334-1
Released:    Thu Apr 17 09:03:05 2025
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1232234,CVE-2024-10041
This update for pam fixes the following issues:

- CVE-2024-10041: Fixed sensitive data exposure while performing authentication (bsc#1232234)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1376-1
Released:    Fri Apr 25 18:11:02 2025
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1241605
This update for libgcrypt fixes the following issues:

- FIPS: Pad PKCS1.5 signatures with SHA3 correctly [bsc#1241605]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1377-1
Released:    Fri Apr 25 19:43:34 2025
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  
This update for patterns-base fixes the following issues:

- Add bpftool to the enhanced base pattern (jsc#PED-8375)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1394-1
Released:    Mon Apr 28 16:15:21 2025
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  
This update for glibc fixes the following issues:

- Add support for userspace livepatching for ppc64le (jsc#PED-11850)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1438-1
Released:    Fri May  2 15:44:07 2025
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1241453,1241551,CVE-2025-32414,CVE-2025-32415
This update for libxml2 fixes the following issues:

- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a heap-based buffer under-read triggered by a crafted XML document. (bsc#1241453)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1550-1
Released:    Fri May 16 02:16:11 2025
Summary:     Security update for openssl-3
Type:        security
Severity:    moderate
References:  1230959,1231748,1232326,1240366,1240607,CVE-2025-27587
This update for openssl-3 fixes the following issues:

Security:

- CVE-2025-27587: Fixed a timing side channel in the P-384 implementation
  when used with ECDSA on the PPC architecture (bsc#1240366).
- Added a missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).

FIPS:

- Fixed sshd failing to start when EMS is disabled in the OpenSSL configuration (bsc#1230959, bsc#1232326, bsc#1231748).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1644-1
Released:    Wed May 21 16:35:14 2025
Summary:     Security update for postgresql17
Type:        security
Severity:    moderate
References:  1242931,CVE-2025-4207
This update for postgresql17 fixes the following issues:

Upgrade to 17.5:

 - CVE-2025-4207: Fixed the GB18030 encoding validation reading one byte past the end of the allocation for text that fails validation (bsc#1242931)

Changelog:

https://www.postgresql.org/docs/release/17.5/

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1661-1
Released:    Thu May 22 18:03:01 2025
Summary:     Security update for postgresql14
Type:        security
Severity:    moderate
References:  1242931,CVE-2025-4207
This update for postgresql14 fixes the following issues:

Upgrade to 14.18:

 - CVE-2025-4207: Fixed the GB18030 encoding validation reading one byte past the end of the allocation for text that fails validation (bsc#1242931)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1702-1
Released:    Sat May 24 11:50:53 2025
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1243317,CVE-2025-4802
This update for glibc fixes the following issues:

- CVE-2025-4802: Fixed possible execution of attacker-controlled code when statically linked
  setuid binaries using dlopen searched LD_LIBRARY_PATH for libraries to load (bsc#1243317).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1714-1
Released:    Tue May 27 13:23:20 2025
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  
This update for ncurses fixes the following issues:

- Backport the sclp terminfo description entry for s390 sclp terminal lines
- Add a further sclp entry for qemu s390 based systems
- Make use of the dumb terminfo entry

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1733-1
Released:    Wed May 28 17:59:52 2025
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1242060
This update for krb5 fixes the following issue:

- Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1739-1
Released:    Thu May 29 11:40:51 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1236177,1237496,1242938,1243259
This update for systemd fixes the following issues:

- Add missing 'systemd-journal-remote' package to 15-SP7 (bsc#1243259)
- umount: do not move busy network mounts (bsc#1236177)
- Apply coredump sysctl settings on systemd-coredump updates/removals.
- Fix the issue with journalctl not working for users in the container UID
  range (bsc#1242938): don't write messages sent from users with a UID falling
  into the container UID range to the system journal. Daemons in the container
  don't talk to the outside journald, as they talk to the inner one directly,
  which does its journal splitting based on shifted UIDs.
- man/pstore.conf: pstore.conf template is not always installed in /etc
- man: coredump.conf template is not always installed in /etc (bsc#1237496)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1766-1
Released:    Fri May 30 09:45:37 2025
Summary:     Security update for postgresql16
Type:        security
Severity:    moderate
References:  1242931,CVE-2025-4207
This update for postgresql16 fixes the following issues:

Upgrade to 16.9:

 - CVE-2025-4207: Fixed the GB18030 encoding validation reading one byte past the end of the allocation for text that fails validation (bsc#1242931)

Changelog:

https://www.postgresql.org/docs/release/16.9/


The following package changes have been done:

- glibc-2.38-150600.14.32.1 updated
- libxml2-2-2.10.3-150500.5.26.1 updated
- libncurses6-6.1-150000.5.30.1 updated
- terminfo-base-6.1-150000.5.30.1 updated
- libopenssl3-3.1.4-150600.5.27.1 updated
- libgcrypt20-1.10.3-150600.3.6.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.27.1 updated
- krb5-1.20.1-150600.11.11.2 updated
- patterns-base-fips-20200124-150600.32.6.1 updated
- pam-1.3.0-150000.6.76.1 updated
- timezone-2025b-150600.91.6.2 updated
- libexpat1-2.7.1-150400.3.28.1 updated
- libsystemd0-254.24-150600.4.33.1 updated
- glibc-locale-base-2.38-150600.14.32.1 updated
- libpq5-17.5-150600.13.13.1 updated
- glibc-locale-2.38-150600.14.32.1 updated
- postgresql14-14.18-150600.16.17.1 updated
- postgresql16-16.9-150600.16.18.1 updated
- postgresql14-server-14.18-150600.16.17.1 updated
- postgresql16-server-16.9-150600.16.18.1 updated
- postgresql16-contrib-16.9-150600.16.18.1 updated
- postgresql14-contrib-14.18-150600.16.17.1 updated
- container:suse-manager-5.0-init-5.0.4-5.0.4-7.15.5 updated
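As an added check that is not part of this advisory, the following Python script compares the RPMs installed in an image against a subset of the package list above and reports each one as up to date, outdated or missing. The `rpm -qa` output is a constructed sample, and the version comparison is a simplified rpmvercmp (no epoch, `~` or `^` handling), so treat it as a quick audit rather than a replacement for zypper.

```python
import re
# Subset of the advisory's package list above, as name-version-release strings.
ADVISORY_NVRS = [
    "glibc-2.38-150600.14.32.1",
    "libxml2-2-2.10.3-150500.5.26.1",
    "libopenssl-3-fips-provider-3.1.4-150600.5.27.1",
    "timezone-2025b-150600.91.6.2",
    "libexpat1-2.7.1-150400.3.28.1",
]

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` from a
# not-yet-updated image: libexpat1 is absent and two packages are older.
SAMPLE_RPM_QA = """\
glibc-2.38-150600.14.32.1
libxml2-2-2.10.3-150500.5.23.1
libopenssl-3-fips-provider-3.1.4-150600.5.27.1
timezone-2025a-150600.91.3.1
"""

def split_nvr(nvr):
    # release and version are the last two '-' fields, so names that contain
    # '-' themselves (libxml2-2, libopenssl-3-fips-provider) still parse
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def vercmp(a, b):
    # -1/0/1 in the spirit of rpmvercmp: digit runs compare numerically, letter
    # runs lexically, digits beat letters, more segments wins a tie (no epoch/~/^).
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(advisory_nvrs, rpm_qa_output):
    """Map each advisory package name to 'ok', 'outdated' or 'missing'."""
    installed = {n: (v, r) for n, v, r in map(split_nvr, rpm_qa_output.split())}
    result = {}
    for n, v, r in map(split_nvr, advisory_nvrs):
        if n not in installed:
            result[n] = "missing"
        else:
            # compare version first, then release, like an EVR comparison
            c = vercmp(installed[n][0], v) or vercmp(installed[n][1], r)
            result[n] = "outdated" if c < 0 else "ok"
    return result
```

Run inside the container with the real `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output in place of the sample, and extend ADVISORY_NVRS with the remaining entries from the list above.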

