SUSE-CU-2025:4594-1: Security update of suse/pcp

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Jun 20 13:58:30 UTC 2025 

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4594-1
Container Tags        : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-61.3 , suse/pcp:latest
Container Release     : 61.3
Severity              : important
Type                  : security
References            : 1236177 1237230 1237496 1241678 1242938 1243259 CVE-2024-10041
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1511-1
Released:    Wed May  7 21:35:57 2025
Summary:     Security update for apparmor
Type:        security
Severity:    moderate
References:  1241678,CVE-2024-10041
This update for apparmor fixes the following issues:

- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
  file even if it has 000 permissions. This is needed after the CVE-2024-10041
  fix in PAM. (bsc#1241678)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1739-1
Released:    Thu May 29 11:40:51 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1236177,1237496,1242938,1243259
This update for systemd fixes the following issues:

- Add missing 'systemd-journal-remote' package
  to 15-SP7 (bsc#1243259)
- umount: do not move busy network mounts (bsc#1236177)
- Apply coredump sysctl settings on systemd-coredump updates/removals.
- Fix the issue with journalctl not working
  for users in Container UID range (bsc#1242938)
  Don't write messages sent from users with UID falling into the container UID
  range to the system journal. Daemons in the container don't talk to the
  outside journald as they talk to the inner one directly, which does its
  journal splitting based on shifted uids.
- man/pstore.conf: pstore.conf template is not always installed in /etc
- man: coredump.conf template is not always installed in /etc (bsc#1237496)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1866-1
Released:    Tue Jun 10 16:19:33 2025
Summary:     Recommended update for kbd
Type:        recommended
Severity:    important
References:  1237230
This update for kbd fixes the following issues:

- Don't search for resources in the current directory. It can cause
  unwanted side effects or even infinite loop (bsc#1237230)


The following package changes have been done:

- kbd-2.4.0-150700.15.3.1 updated
- libapparmor1-3.1.7-150600.5.9.1 updated
- libsystemd0-254.24-150600.4.33.1 updated
- systemd-254.24-150600.4.33.1 updated
- container:bci-bci-init-15.7-e24769b1cac69fbbfec9b56d8571092c0c77c32bdb9439bc21d1c950d4d06c5b-0 updated

More information about the sle-container-updates mailing list