SUSE-IU-2025:691-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Mar 6 08:06:08 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:691-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.6 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 5.6
Severity          : important
Type              : security
References        : 1069468 1217783 1217826 1222121 1222815 1230551 1230552 1233699
                        1234665 1236282 CVE-2023-6917 CVE-2024-3019 CVE-2024-45769 CVE-2024-45770
                        CVE-2025-0395 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 222
Released:    Wed Mar  5 17:01:50 2025
Summary:     Security update for pcp
Type:        security
Severity:    important
References:  1069468,1217783,1217826,1222121,1222815,1230551,1230552,CVE-2023-6917,CVE-2024-3019,CVE-2024-45769,CVE-2024-45770
This update for pcp fixes the following issues:

- CVE-2024-45770: Fixed `pmpost` symlink attack allowing escalating `pcp` to `root` user (bsc#1230552).
- CVE-2024-45769: Fixed `pmcd` heap corruption through metric pmstore operations (bsc#1230551).
- CVE-2024-3019: Fixed exposure of the redis backend server allowing remote command execution via pmproxy (bsc#1222121).
- CVE-2023-6917: Fixed Local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826).

Other fixes:
- Updated to version 6.2.0



-----------------------------------------------------------------
Advisory ID: 224
Released:    Wed Mar  5 17:35:03 2025
Summary:     Security update for glibc
Type:        security
Severity:    important
References:  1233699,1234665,1236282,CVE-2025-0395
This update for glibc fixes the following issues:
  
- CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).

Other fixes:
- Fix underallocation of abort_msg_s struct
- Correctly determine livepatching support
- Remove nss-systemd from default nsswitch.conf (bsc#1233699)



The following package changes have been done:

- glibc-2.38-8.1 updated
- SL-Micro-release-6.0-25.3 updated
- glibc-locale-base-2.38-8.1 updated
- pcp-conf-6.2.0-1.1 updated
- libpcp3-6.2.0-1.1 updated
- libpcp_import1-6.2.0-1.1 updated
- container:SL-Micro-base-container-2.1.3-5.6 updated

More information about the sle-container-updates mailing list