SUSE-CU-2025:4394-1: Security update of suse/valkey

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Jun 18 07:16:18 UTC 2025 

SUSE Container Update Advisory: suse/valkey
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4394-1
Container Tags        : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-8.1 , suse/valkey:latest
Container Release     : 8.1
Severity              : important
Type                  : security
References            : 1236177 1237496 1241708 1242060 1242938 1243061 1243259 1243804
                        1243913 CVE-2025-21605 CVE-2025-27151 CVE-2025-49112 
-----------------------------------------------------------------

The container suse/valkey was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1733-1
Released:    Wed May 28 17:59:52 2025
Summary:     Recommended update for krb5
Type:        recommended
Severity:    moderate
References:  1242060
This update for krb5 fixes the following issue:

- Remove references to the LMDB backend in the kdc.conf manpage (bsc#1242060).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1739-1
Released:    Thu May 29 11:40:51 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1236177,1237496,1242938,1243259
This update for systemd fixes the following issues:

- Add missing 'systemd-journal-remote' package
  to 15-SP7 (bsc#1243259)
- umount: do not move busy network mounts (bsc#1236177)
- Apply coredump sysctl settings on systemd-coredump updates/removals.
- Fix the issue with journalctl not working
  for users in Container UID range (bsc#1242938)
  Don't write messages sent from users with UID falling into the container UID
  range to the system journal. Daemons in the container don't talk to the
  outside journald as they talk to the inner one directly, which does its
  journal splitting based on shifted uids.
- man/pstore.conf: pstore.conf template is not always installed in /etc
- man: coredump.conf template is not always installed in /etc (bsc#1237496)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1942-1
Released:    Fri Jun 13 10:33:45 2025
Summary:     Security update for valkey
Type:        security
Severity:    important
References:  1241708,1243061,1243804,1243913,CVE-2025-21605,CVE-2025-27151,CVE-2025-49112
This update for valkey fixes the following issues:

- CVE-2025-27151: Absence of filename size check may cause a stack
  overflow (bsc#1243804)
- CVE-2025-49112: setDeferredReply integer underflow (bsc#1243913)
- CVE-2025-21605: Output buffer denial of service (bsc#1241708)


The following package changes have been done:

- libsystemd0-254.24-150600.4.33.1 updated
- krb5-1.20.1-150600.11.11.2 updated
- valkey-8.0.2-150700.3.5.1 updated
- container:suse-sle15-15.7-626120961c7a8016733514e970276dec30ade811d4f93e3382a3caac36480ef4-0 updated
- container:registry.suse.com-bci-bci-micro-15.7-82739925ba65b8810dadaa4c56431db9d1b9fa413470d2633c47c756a7ba40df-0 updated

More information about the sle-container-updates mailing list