SUSE-CU-2025:4393-1: Security update of bci/spack

Wed Jun 18 07:16:17 UTC 2025

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4393-1
Container Tags        : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-13.1 , bci/spack:latest
Container Release     : 13.1
Severity              : important
Type                  : security
References            : 1236177 1237496 1242938 1243259 1243317 CVE-2025-4802 
-----------------------------------------------------------------

The container bci/spack was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1702-1
Released:    Sat May 24 11:50:53 2025
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1243317,CVE-2025-4802
This update for glibc fixes the following issues:

- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
  search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1714-1
Released:    Tue May 27 13:23:20 2025
Summary:     Recommended update for ncurses
Type:        recommended
Severity:    moderate
References:  
This update for ncurses fixes the following issues:

- Backport sclp terminfo description entry if for s390 sclp terminal lines 
- Add a further sclp entry for qemu s390 based systems
- Make use of dumb

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1739-1
Released:    Thu May 29 11:40:51 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1236177,1237496,1242938,1243259
This update for systemd fixes the following issues:

- Add missing 'systemd-journal-remote' package
  to 15-SP7 (bsc#1243259)
- umount: do not move busy network mounts (bsc#1236177)
- Apply coredump sysctl settings on systemd-coredump updates/removals.
- Fix the issue with journalctl not working
  for users in Container UID range (bsc#1242938)
  Don't write messages sent from users with UID falling into the container UID
  range to the system journal. Daemons in the container don't talk to the
  outside journald as they talk to the inner one directly, which does its
  journal splitting based on shifted uids.
- man/pstore.conf: pstore.conf template is not always installed in /etc
- man: coredump.conf template is not always installed in /etc (bsc#1237496)

The following package changes have been done:

- libncurses6-6.1-150000.5.30.1 updated
- libsystemd0-254.24-150600.4.33.1 updated
- tack-6.1-150000.5.30.1 updated
- ncurses-devel-6.1-150000.5.30.1 updated
- glibc-devel-2.38-150600.14.32.1 updated
- container:registry.suse.com-bci-bci-base-15.7-626120961c7a8016733514e970276dec30ade811d4f93e3382a3caac36480ef4-0 updated