SUSE-CU-2025:1875-1: Security update of suse/sles/15.7/virt-launcher
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Mar 19 16:16:40 UTC 2025
SUSE Container Update Advisory: suse/sles/15.7/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1875-1
Container Tags : suse/sles/15.7/virt-launcher:1.4.0 , suse/sles/15.7/virt-launcher:1.4.0-150700.1.6 , suse/sles/15.7/virt-launcher:1.4.0.34.108
Container Release : 34.108
Severity : important
Type : security
References : 1214290 1229228 1229685 1229822 1230078 1233752 1234313 1234765
1235695 1236151 1236619 1236842 1236858 1236878 1236974 1237137
1237374 CVE-2023-4016 CVE-2024-12133 CVE-2024-12243 CVE-2024-43790
CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014
CVE-2025-24528
-----------------------------------------------------------------
The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:401-1
Released: Mon Feb 10 10:38:28 2025
Summary: Security update for crypto-policies, krb5
Type: security
Severity: moderate
References: 1236619,CVE-2025-24528
This update for crypto-policies and krb5 fixes the following issues:
Security issue fixed:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
Feature addition:
- Add crypto-policies support; (jsc#PED-12018)
* The default krb5.conf has been updated to include config
snippets in the krb5.conf.d directory, where crypto-policies
drops its.
- Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
* This key derivation function is used by AES256-CTS-HMAC-SHA1-96
and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active
directory. If these encryption types are allowed or not in
FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:547-1
Released: Fri Feb 14 08:26:30 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1229228,1233752,1234313,1234765
This update for systemd fixes the following issues:
- Fix agetty failing to open credentials directory (bsc#1229228)
- stdio-bridge: fix polled fds
- hwdb: comment out the entry for Logitech MX Keys for Mac
- core/unit-serialize: fix serialization of markers
- locale-setup: do not load locale from environemnt when /etc/locale.conf is unchanged
- core: fix assert when AddDependencyUnitFiles is called with invalid parameter
- Fix systemd-network recommending libidn2-devel (bsc#1234765)
- tpm2-util: also retry unsealing after policy_pcr returns PCR_CHANGED (bsc#1233752 bsc#1234313)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:548-1
Released: Fri Feb 14 11:19:24 2025
Summary: Security update for libtasn1
Type: security
Severity: important
References: 1236878,CVE-2024-12133
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:626-1
Released: Fri Feb 21 12:18:09 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1236858
This update for crypto-policies fixes the following issue:
- Remove dangling symlink for the libreswan config (bsc#1236858).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:723-1
Released: Wed Feb 26 14:29:39 2025
Summary: Security update for vim
Type: security
Severity: moderate
References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
(bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:741-1
Released: Fri Feb 28 11:15:50 2025
Summary: Security update for procps
Type: security
Severity: important
References: 1214290,1236842,CVE-2023-4016
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:764-1
Released: Mon Mar 3 09:43:37 2025
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1236974,CVE-2024-12243
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:794-1
Released: Thu Mar 6 07:59:29 2025
Summary: Recommended update for pkg-config
Type: recommended
Severity: important
References: 1237374
This update for pkg-config fixes the following issues:
- Build with system GLib instead of bundled GLib (bsc#1237374).
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.6.5 updated
- libzstd1-1.5.7-150700.1.1 updated
- libudev1-254.23-150600.4.25.1 updated
- libgcrypt20-1.11.0-150700.2.16 updated
- libxml2-2-2.12.10-150700.1.1 updated
- libopenssl3-3.2.3-150700.3.10 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.10 updated
- krb5-1.20.1-150600.11.8.1 updated
- sles-release-15.7-150700.22.1 updated
- libtasn1-6-4.13-150000.4.11.1 updated
- libtasn1-4.13-150000.4.11.1 updated
- kubevirt-container-disk-1.4.0-150700.1.6 updated
- libdevmapper1_03-2.03.24_1.02.198-150700.4.1 updated
- libnettle8-3.10.1-150700.2.9 updated
- pkg-config-0.29.2-150600.15.3.1 updated
- qemu-accel-tcg-x86-9.2.2-150700.1.1 updated
- qemu-hw-usb-host-9.2.2-150700.1.1 updated
- qemu-ipxe-9.2.2-150700.1.1 updated
- qemu-seabios-9.2.21.16.3_3_g3d33c746-150700.1.1 updated
- qemu-vgabios-9.2.21.16.3_3_g3d33c746-150700.1.1 updated
- vim-data-common-9.1.1101-150500.20.21.1 updated
- zstd-1.5.7-150700.1.1 updated
- libsystemd0-254.23-150600.4.25.1 updated
- libhogweed6-3.10.1-150700.2.9 updated
- virtiofsd-1.12.0-150700.1.6 updated
- qemu-hw-usb-redirect-9.2.2-150700.1.1 updated
- vim-small-9.1.1101-150500.20.21.1 updated
- libprocps8-3.3.17-150000.7.42.1 updated
- libgnutls30-3.8.3-150600.4.6.2 updated
- xen-libs-4.20.0_08-150700.2.1 updated
- procps-3.3.17-150000.7.42.1 updated
- qemu-img-9.2.2-150700.1.1 updated
- gnutls-3.8.3-150600.4.6.2 updated
- systemd-254.23-150600.4.25.1 updated
- udev-254.23-150600.4.25.1 updated
- systemd-container-254.23-150600.4.25.1 updated
- kubevirt-virt-launcher-1.4.0-150700.1.6 updated
- qemu-x86-9.2.2-150700.1.1 updated
- qemu-9.2.2-150700.1.1 updated
- container:sles15-image-15.7.0-3.35 updated
More information about the sle-container-updates
mailing list