SUSE-IU-2025:741-1: Security update of suse/sl-micro/6.0/baremetal-os-container

sle-container-updates at lists.suse.com
Thu Mar 13 08:04:17 UTC 2025


SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:741-1
Image Tags        : suse/sl-micro/6.0/baremetal-os-container:2.1.3, suse/sl-micro/6.0/baremetal-os-container:2.1.3-5.11, suse/sl-micro/6.0/baremetal-os-container:latest
Image Release     : 5.11
Severity          : important
Type              : security
References        : 1227052 1235151 1236270 1236507 1236588 1236590 1237641 CVE-2023-45288
                        CVE-2024-11218 CVE-2024-6104 CVE-2024-9407 CVE-2025-0167 CVE-2025-0725
                        CVE-2025-27144 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 238
Released:    Wed Mar 12 11:31:01 2025
Summary:     Security update for podman
Type:        security
Severity:    important
References:  1227052,1236270,1236507,1237641,CVE-2023-45288,CVE-2024-11218,CVE-2024-6104,CVE-2024-9407,CVE-2025-27144
This update for podman fixes the following issues:

- CVE-2025-27144: Fixed gopkg.in/square/go-jose.v2, gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237641)
- CVE-2024-11218: Fixed github.com/containers/buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (bsc#1236270)
- CVE-2023-45288: Fixed golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236507)
- CVE-2024-6104: Fixed hashicorp/go-retryablehttp: url might write sensitive information to log file (bsc#1227052)


-----------------------------------------------------------------
Advisory ID: 239
Released:    Wed Mar 12 11:47:54 2025
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1235151,1236588,1236590,CVE-2025-0167,CVE-2025-0725
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

Other issues fixed:

- Make sure the TLS handshake after a successful STARTTLS command
  is fully done before further sending/receiving on the connection. (bsc#1235151)


The following package changes have been done:

- SL-Micro-release-6.0-25.6 updated
- libcurl4-8.6.0-6.1 updated
- podman-4.9.5-3.1 updated
- container:SL-Micro-base-container-2.1.3-5.10 updated

