SUSE-IU-2025:1610-1: Security update of suse/sl-micro/6.1/kvm-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Jun 20 07:25:18 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1610-1
Image Tags        : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.52 , suse/sl-micro/6.1/kvm-os-container:latest
Image Release     : 4.52
Severity          : important
Type              : security
References        : 1244509 CVE-2024-10220 CVE-2024-36620 CVE-2024-36621 CVE-2024-36623
                        CVE-2024-37820 CVE-2024-43784 CVE-2024-45719 CVE-2024-50948 CVE-2024-52003
                        CVE-2024-52280 CVE-2024-52282 CVE-2024-52309 CVE-2024-52529 CVE-2024-52801
                        CVE-2024-53259 CVE-2024-53264 CVE-2024-53858 CVE-2024-53862 CVE-2024-54131
                        CVE-2024-54132 CVE-2024-6156 CVE-2024-6219 CVE-2024-6538 CVE-2024-8676
                        CVE-2025-6020 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 151
Released:    Thu Jun 19 10:45:49 2025
Summary:     Security update for pam
Type:        security
Severity:    important
References:  1244509,CVE-2024-10220,CVE-2024-36620,CVE-2024-36621,CVE-2024-36623,CVE-2024-37820,CVE-2024-43784,CVE-2024-45719,CVE-2024-50948,CVE-2024-52003,CVE-2024-52280,CVE-2024-52282,CVE-2024-52309,CVE-2024-52529,CVE-2024-52801,CVE-2024-53259,CVE-2024-53264,CVE-2024-53858,CVE-2024-53862,CVE-2024-54131,CVE-2024-54132,CVE-2024-6156,CVE-2024-6219,CVE-2024-6538,CVE-2024-8676,CVE-2025-6020
This update for pam fixes the following issues:

- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path
  to operate on file descriptors instead of absolute path. And keep the
  bind-mount protection from protect_mount() as a defense in depthmeasure.
  (bsc#1244509)


The following package changes have been done:

- pam-1.6.1-slfo.1.1_3.1 updated
- container:SL-Micro-base-container-2.2.0-4.53 updated

More information about the sle-container-updates mailing list