SUSE-IU-2025:821-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Mar 28 08:06:47 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:821-1
Image Tags        : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.14 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release     : 4.14
Severity          : important
Type              : recommended
References        : 1213470 1221385 1221386 1222979 1222983 1222984 1222986 1222987
                        1223252 1225381 1226274 1227298 1227399 1228046 1228047 1228048
                        1228050 1228051 1228052 1228216 1228255 1228256 1228257 1228258
                        1230400 CVE-2024-0760 CVE-2024-1737 CVE-2024-1975 CVE-2024-21011
                        CVE-2024-21012 CVE-2024-21068 CVE-2024-21085 CVE-2024-21094 CVE-2024-21131
                        CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147
                        CVE-2024-23672 CVE-2024-23984 CVE-2024-24549 CVE-2024-24968 CVE-2024-29857
                        CVE-2024-30171 CVE-2024-30172 CVE-2024-34750 CVE-2024-4076 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 54
Released:    Thu Mar 27 12:45:03 2025
Summary:     Recommended update for strace
Type:        recommended
Severity:    moderate
References:  1228216,1230400,CVE-2024-23984,CVE-2024-24968
This update for strace fixes the following issues:

- Update to strace 6.13
  * Implemented decoding of getxattrat, setxattrat, listxattrat,
    and removexattrat syscalls.
  * Updated decoding of struct io_uring_clone_buffers, struct io_uring_napi,
    and struct perf_event_attr.
  * Updated decoding of crypto_user_alg netlink attributes of NETLINK_CRYPTO.
  * Implemented decoding of IFLA_MCTP_PHYS_BINDING netlink attribute.
  * Updated lists of AT_*, BPF_*, FAN_*, IORING_*, MADV_*, NT_*, and SCM_*
    constants.
  * Updated lists of ioctl commands from Linux 6.13.
- Update to strace 6.12
  * Implemented decoding of EPIOCGPARAMS and EPIOCSPARAMS ioctl commands.
  * Implemented decoding of NS_GET_MNTNS_ID, NS_GET_PID_FROM_PIDNS,
    NS_GET_TGID_FROM_PIDNS, NS_GET_PID_IN_PIDNS, NS_GET_TGID_IN_PIDNS,
    NS_MNT_GET_INFO, NS_MNT_GET_NEXT, and NS_MNT_GET_PREV ioctl commands.
  * Implemented decoding of FRA_DSCP netlink attribute.
  * Implemented decoding of IORING_REGISTER_CLOCK and
    IORING_REGISTER_CLONE_BUFFERS opcodes of io_uring_register syscall.
  * Updated decoding of struct landlock_ruleset_attr.
  * Updated lists of AUDIT_*, ETHTOOL_*, F_*, IORING_*, LSM_*, MAP_*, MSG_*,
    NT_*, SCHED_*, SCM_*, SO_*, and V4L2_* constants.
  * Updated lists of ioctl commands from Linux 6.12.
  * Fix the syscall name printed by strace when PTRACE_GET_SYSCALL_INFO
    is in use and a syscall is restarted by a just attached tracee using
    restart_syscall mechanism.
- Update to strace 6.11
  * Implemented decoding of uretprobe syscall.
  * Implemented decoding of WDIOC_GETSUPPORT and WDIOC_SETOPTIONS ioctl
    commands.
  * Enhanced decoding of unknown ioctl commands in non-abbreviated mode
    by printing the contents of the ioctl argument buffer in hexadecimal format.
  * Updated decoding of listmount, statmount, and statx syscalls.
  * Updated lists of ETHTOOL_*, IORING_*, IPPROTO_*, RWF_*, STATX_*, and V4L2_*
    constants.
  * Updated lists of ioctl commands from Linux 6.11.
- Update License tag (bsc#1228216)
- Update to strace 6.10
  * Implemented --decode-fds=eventfd option to retrieve eventfd object details
    associated with eventfd file descriptors.
  * Implemented decoding of NETLINK_GENERIC nlctrl protocol.
  * Implemented decoding of F_DUPFD_QUERY fcntl.
  * Implemented decoding of mseal syscall.
  * Updated decoding of statx and prctl syscalls.
  * Updated decoding of BPF_RAW_TRACEPOINT_OPEN bpf command.
  * Updated lists of BPF_*, IORING_*, KEXEC_*, KEY_*, LANDLOCK_*, PR_*, STATX_*,
    TCP_*, TEE_*, V4L2_*, and *_MAGIC constants.
  * Updated lists of ioctl commands from Linux 6.10.
  * Worked around a bug introduced in Linux 6.5 that affected system call
    tampering on riscv64.
- Update to strace 6.9
  * Implemented --always-show-pid option.
  * The --user|-u option has learned to recognize numeric UID:GID pair, allowing
    e.g. statically-built strace to be used without invoking nss plugins.
  * Implemented decoding of IORING_REGISTER_SYNC_CANCEL,
    IORING_REGISTER_FILE_ALLOC_RANGE, IORING_REGISTER_PBUF_STATUS,
    IORING_REGISTER_NAPI, and IORING_UNREGISTER_NAPI opcodes of
    io_uring_register syscall.
  * Implemented decoding of BPF_TOKEN_CREATE bpf syscall command.
  * Updated decoding of io_uring_register and pidfd_send_signal syscalls.
  * Updated lists of BPF_*, CAN_*, IORING_*, KEY_*, LSM_*, MPOL_*, NT_*, RWF_*,
    PIDFD_*, PTP_*, TCP_*, and *_MAGIC constants.
  * Updated lists of ioctl commands from Linux 6.9.
- Update to strace 6.8
  * Renamed --stack-traces to --stack-trace for consistency.
    Old option is retained for backwards compatibility.
  * Implemented --stack-trace-frame-limit=N option for configuring the limit
    of the number of printed backtrace frames.
  * Implemented decoding of statmount, listmount, lsm_get_self_attr,
    lsm_set_self_attr, and lsm_list_modules syscalls.
  * Implemented decoding of setsockopt(TCP_AO_ADD_KEY).
  * Updated decoding of landlock_create_ruleset and landlock_add_rule syscalls.
  * Updated decoding of SMC_DIAG_DMBINFO netlink attribute.
  * Updated decoding of UBI_IOCATT ioctl command.
  * Enhanced decoding of mount attributes of fsmount and mount_setattr syscalls.
  * Updated lists of BPF_*, KEXEC_*, KVM_*, PERF_*, SOL_*, STATX_*, UFFD_*,
    and V4L2_* constants.
  * Updated lists of ioctl commands from Linux 6.8.

-----------------------------------------------------------------
Advisory ID: 55
Released:    Thu Mar 27 12:47:24 2025
Summary:     Recommended update for lshw
Type:        recommended
Severity:    important
References:  1213470,1221385,1221386,1222979,1222983,1222984,1222986,1222987,1223252,1225381,1226274,1227298,1227399,1228046,1228047,1228048,1228050,1228051,1228052,1228255,1228256,1228257,1228258,CVE-2024-0760,CVE-2024-1737,CVE-2024-1975,CVE-2024-21011,CVE-2024-21012,CVE-2024-21068,CVE-2024-21085,CVE-2024-21094,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21144,CVE-2024-21145,CVE-2024-21147,CVE-2024-23672,CVE-2024-24549,CVE-2024-29857,CVE-2024-30171,CVE-2024-30172,CVE-2024-34750,CVE-2024-4076
This update for lshw fixes the following issues:

- Update to version B.02.20 (jsc#9912):
  * update changelog
  * update data files
  * get rid of GTK deprecation warning
  * get rid of some snprintf warnings
  * Add support for 100Gbit interfaces


The following package changes have been done:

- strace-6.13-slfo.1.1_1.1 updated
- lshw-B.02.20-slfo.1.1_1.1 updated
- container:SL-Micro-base-container-2.2.0-4.13 updated

More information about the sle-container-updates mailing list