SUSE-CU-2025:1876-1: Security update of suse/sles/15.7/libguestfs-tools
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Mar 19 16:16:41 UTC 2025
SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1876-1
Container Tags : suse/sles/15.7/libguestfs-tools:1.4.0 , suse/sles/15.7/libguestfs-tools:1.4.0-150700.1.6 , suse/sles/15.7/libguestfs-tools:1.4.0.28.144
Container Release : 28.144
Severity : important
Type : security
References : 1228086 1228434 1229228 1231792 1233752 1234313 1234765 1235912
1236384 1236619 1236705 1236820 1236858 1236878 1236939 1236974
1236983 1237374 CVE-2024-12133 CVE-2024-12243 CVE-2025-0938 CVE-2025-24528
-----------------------------------------------------------------
The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528
This update for crypto-policies and krb5 fixes the following issues:
Security issue fixed:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
Feature addition:
- Add crypto-policies support; (jsc#PED-12018)
* The default krb5.conf has been updated to include config
snippets in the krb5.conf.d directory, where crypto-policies
drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
* This key derivation function is used by AES256-CTS-HMAC-SHA1-96
and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active
directory. If these encryption types are allowed or not in
FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:515-1
Released: Thu Feb 13 12:58:42 2025
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1228086,1231792,1235912
This update for dracut fixes the following issue:
- Version update 059+suse.552.g232957b4
- fixes related to getting live image size (bsc#1235912).
- fixes for booting from iSCSI offload with bnx2i (bsc#1228086).
- rework timeout for devices added via --mount and --add-device (bsc#1231792).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released: Fri Feb 14 08:26:30 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1229228,1233752,1234313,1234765
This update for systemd fixes the following issues:
- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765)
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:554-1
Released: Fri Feb 14 16:10:40 2025
Summary: Security update for python3
Type: security
Severity: moderate
References: 1236705,CVE-2025-0938
This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858
This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:680-1
Released: Mon Feb 24 12:01:16 2025
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: important
References: 1228434,1236384,1236820,1236939,1236983
This update for libzypp, zypper fixes the following issues:
- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:764-1
Released: Mon Mar 3 09:43:37 2025
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1236974,CVE-2024-12243
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:794-1
Released: Thu Mar 6 07:59:29 2025
Summary: Recommended update for pkg-config
Type: recommended
Severity: important
References: 1237374
This update for pkg-config fixes the following issues:
- Build with system GLib instead of bundled GLib (bsc#1237374).
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- libzstd1-1.5.7-150700.1.1 updated
- libudev1-254.23-150600.4.25.1 updated
- libgcrypt20-1.11.0-150700.2.16 updated
- libxml2-2-2.12.10-150700.1.1 updated
- libopenssl3-3.2.3-150700.3.10 updated
- libzck1-1.5.1-150700.1.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.10 updated
- krb5-1.20.1-150600.11.8.1 updated
- sles-release-15.7-150700.22.1 updated
- libzypp-17.36.1-150600.3.47.2 updated
- zypper-1.14.84-150600.10.25.2 updated
- libtasn1-6-4.13-150000.4.11.1 updated
- libtasn1-4.13-150000.4.11.1 updated
- libguestfs-winsupport-1.55.6-150700.1.1 updated
- guestfs-tools-1.53.7-150700.1.1 updated
- libdevmapper1_03-2.03.24_1.02.198-150700.4.1 updated
- libhivex0-1.3.24-150700.1.5 updated
- libnettle8-3.10.1-150700.2.9 updated
- libopenssl1_1-1.1.1w-150700.9.19 updated
- libx86emu3-3.7-150700.1.1 updated
- mdadm-4.4-150700.1.2 updated
- osinfo-db-20250124-150700.2.1 updated
- pkg-config-0.29.2-150600.15.3.1 updated
- qemu-accel-tcg-x86-9.2.2-150700.1.1 updated
- qemu-ipxe-9.2.2-150700.1.1 updated
- qemu-seabios-9.2.21.16.3_3_g3d33c746-150700.1.1 updated
- qemu-vgabios-9.2.21.16.3_3_g3d33c746-150700.1.1 updated
- zstd-1.5.7-150700.1.1 updated
- libsystemd0-254.23-150600.4.25.1 updated
- libhogweed6-3.10.1-150700.2.9 updated
- python3-base-3.6.15-150300.10.81.1 updated
- libpython3_6m1_0-3.6.15-150300.10.81.1 updated
- virtiofsd-1.12.0-150700.1.6 updated
- bind-utils-9.20.3-150700.1.5 updated
- libmpath0-0.10.2+122+suse.51e02cc-150700.1.1 updated
- libgnutls30-3.8.3-150600.4.6.2 updated
- xen-libs-4.20.0_08-150700.2.1 updated
- qemu-vmsr-helper-9.2.2-150700.1.1 updated
- qemu-pr-helper-9.2.2-150700.1.1 updated
- qemu-img-9.2.2-150700.1.1 updated
- systemd-254.23-150600.4.25.1 updated
- qemu-tools-9.2.2-150700.1.1 updated
- util-linux-systemd-2.40.4-150700.1.4 updated
- udev-254.23-150600.4.25.1 updated
- dracut-059+suse.552.g232957b4-150600.3.17.2 updated
- dracut-fips-059+suse.552.g232957b4-150600.3.17.2 updated
- qemu-x86-9.2.2-150700.1.1 updated
- qemu-9.2.2-150700.1.1 updated
- libguestfs0-1.55.6-150700.1.1 updated
- libguestfs-devel-1.55.6-150700.1.1 updated
- libguestfs-appliance-1.55.6-150700.1.1 updated
- libguestfs-1.55.6-150700.1.1 updated
- container:sles15-image-15.7.0-3.35 updated
More information about the sle-container-updates
mailing list