SUSE-IU-2025:691-1: Security update of suse/sl-micro/6.0/baremetal-os-container
sle-container-updates at lists.suse.com
Thu Mar 6 08:06:08 UTC 2025
SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:691-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.6 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 5.6
Severity : important
Type : security
References : 1069468 1217783 1217826 1222121 1222815 1230551 1230552 1233699
1234665 1236282 CVE-2023-6917 CVE-2024-3019 CVE-2024-45769 CVE-2024-45770
CVE-2025-0395
-----------------------------------------------------------------
The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 222
Released: Wed Mar 5 17:01:50 2025
Summary: Security update for pcp
Type: security
Severity: important
References: 1069468,1217783,1217826,1222121,1222815,1230551,1230552,CVE-2023-6917,CVE-2024-3019,CVE-2024-45769,CVE-2024-45770
This update for pcp fixes the following issues:
- CVE-2024-45770: Fixed `pmpost` symlink attack allowing escalation from the `pcp` user to `root` (bsc#1230552).
- CVE-2024-45769: Fixed `pmcd` heap corruption through metric pmstore operations (bsc#1230551).
- CVE-2024-3019: Fixed exposure of the redis backend server allowing remote command execution via pmproxy (bsc#1222121).
- CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826).
Other fixes:
- Updated to version 6.2.0
-----------------------------------------------------------------
Advisory ID: 224
Released: Wed Mar 5 17:35:03 2025
Summary: Security update for glibc
Type: security
Severity: important
References: 1233699,1234665,1236282,CVE-2025-0395
This update for glibc fixes the following issues:
- CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).
Other fixes:
- Fix underallocation of abort_msg_s struct
- Correctly determine livepatching support
- Remove nss-systemd from default nsswitch.conf (bsc#1233699)
The following package changes have been done:
- glibc-2.38-8.1 updated
- SL-Micro-release-6.0-25.3 updated
- glibc-locale-base-2.38-8.1 updated
- pcp-conf-6.2.0-1.1 updated
- libpcp3-6.2.0-1.1 updated
- libpcp_import1-6.2.0-1.1 updated
- container:SL-Micro-base-container-2.1.3-5.6 updated