SUSE-IU-2025:699-1: Security update of suse/sl-micro/6.0/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Mar 8 08:04:03 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:699-1
Image Tags        : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-5.7 , suse/sl-micro/6.0/base-os-container:latest
Image Release     : 5.7
Severity          : important
Type              : security
References        : 1215098 1215099 1215100 1215101 1215102 1215103 1230316 CVE-2023-40546
                        CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 225
Released:    Fri Mar  7 16:31:20 2025
Summary:     Security update for pcr-oracle, shim
Type:        security
Severity:    important
References:  1215098,1215099,1215100,1215101,1215102,1215103,1230316,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551
This update for pcr-oracle, shim fixes the following issues:

pcr-oracle:

- predict SbatLevelRT for the next boot (bsc#1230316)

shim was updated to version 15.8:

- Update shim-install to use the 'removable' way for encrypted
  SL-Micro images (bsc#1230316)
  * Always use the removable way for SL-Micro
  * Limit the removable option to encrypted SL-Micro


Security issues fixed:

- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)




The following package changes have been done:

- shim-15.8-1.1 updated

More information about the sle-container-updates mailing list