From sle-container-updates at lists.suse.com Thu May 1 07:04:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:04:10 +0200 (CEST) Subject: SUSE-IU-2025:1216-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250501070410.0D418FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1216-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.165 , suse/sle-micro/base-5.5:latest Image Release : 5.8.165 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.12.0-150400.3.8.1 updated From sle-container-updates at lists.suse.com Thu May 1 07:13:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:13:31 +0200 (CEST) Subject: SUSE-CU-2025:3015-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250501071331.BA1C3FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3015-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.124 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.124 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.12.0-150400.3.8.1 updated From sle-container-updates at lists.suse.com Thu May 1 07:17:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:17:43 +0200 (CEST) Subject: SUSE-CU-2025:3017-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250501071743.A0ECCFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3017-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.124 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.124 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.12.0-150400.3.8.1 updated From sle-container-updates at lists.suse.com Thu May 1 07:19:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:19:03 +0200 (CEST) Subject: SUSE-CU-2025:3018-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250501071903.C66C5FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3018-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.27 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.27 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.12.0-150400.3.8.1 updated From sle-container-updates at lists.suse.com Thu May 1 07:20:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:20:22 +0200 (CEST) Subject: SUSE-CU-2025:3020-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250501072022.D074BFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3020-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.75 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.75 , suse/ltss/sle15.3/sle15:latest Container Release : 2.75 Severity : moderate Type : recommended References : 1241569 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1417-1 Released: Wed Apr 30 12:53:24 2025 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1241569 This update for libeconf fixes the following issue: - Re-issue fix for mangled $PATH variable, this time including LTSS products. (bsc#1241569) The following package changes have been done: - libeconf0-0.5.2-150300.3.13.1 updated From sle-container-updates at lists.suse.com Thu May 1 07:21:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:21:38 +0200 (CEST) Subject: SUSE-CU-2025:3022-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250501072138.81EDBFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3022-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.37 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.37 , suse/ltss/sle15.4/sle15:latest Container Release : 2.37 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.12.0-150400.3.8.1 updated From sle-container-updates at lists.suse.com Thu May 1 07:24:29 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:24:29 +0200 (CEST) Subject: SUSE-CU-2025:3023-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250501072429.6C3B1FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3023-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.27 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.27 , suse/ltss/sle15.5/sle15:latest Container Release : 4.27 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.12.0-150400.3.8.1 updated From sle-container-updates at lists.suse.com Thu May 1 07:28:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:28:51 +0200 (CEST) Subject: SUSE-CU-2025:3029-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250501072851.C240EFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3029-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.18 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.18 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.12.0-150400.3.8.1 updated - container:sles15-ltss-image-15.4.0-2.37 updated From sle-container-updates at lists.suse.com Thu May 1 07:29:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:29:45 +0200 (CEST) Subject: SUSE-CU-2025:3030-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250501072945.83B2BFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3030-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.24 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.24 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.12.0-150400.3.8.1 updated - container:sles15-ltss-image-15.4.0-2.37 updated From sle-container-updates at lists.suse.com Thu May 1 07:34:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:34:04 +0200 (CEST) Subject: SUSE-CU-2025:3034-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250501073404.B042DFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3034-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.116 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.116 Severity : moderate Type : recommended References : 1241569 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1417-1 Released: Wed Apr 30 12:53:24 2025 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1241569 This update for libeconf fixes the following issue: - Re-issue fix for mangled $PATH variable, this time including LTSS products. (bsc#1241569) The following package changes have been done: - libeconf0-0.5.2-150300.3.13.1 updated From sle-container-updates at lists.suse.com Thu May 1 07:38:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 May 2025 09:38:45 +0200 (CEST) Subject: SUSE-CU-2025:3036-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250501073845.0E67CFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3036-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.118 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.118 Severity : moderate Type : recommended References : 1241569 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1417-1 Released: Wed Apr 30 12:53:24 2025 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1241569 This update for libeconf fixes the following issue: - Re-issue fix for mangled $PATH variable, this time including LTSS products. (bsc#1241569) The following package changes have been done: - libeconf0-0.5.2-150300.3.13.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:05:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:05:15 +0200 (CEST) Subject: SUSE-CU-2025:3039-1: Security update of containers/open-webui Message-ID: <20250503070515.B18E6FC2E@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3039-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.47 Container Release : 9.47 Severity : critical Type : security References : 1241453 1241551 1241872 CVE-2025-32414 CVE-2025-32415 CVE-2025-43859 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1430-1 Released: Fri May 2 10:10:32 2025 Summary: Security update for python-h11 Type: security Severity: critical References: 1241872,CVE-2025-43859 This update for python-h11 fixes the following issues: - CVE-2025-43859: leniency when parsing of line terminators in chunked-coding message bodies can lead to request smuggling. (bsc#1241872) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - libprotobuf25_5_0-25.5-150600.2.60 updated - libfreetype6-2.10.4-150000.4.22.1 updated - python311-protobuf-4.25.5-150600.2.60 updated - python311-h11-0.14.0-150400.9.6.1 updated - python311-numpy1-1.26.4-150600.1.37 updated - python311-scipy-1.14.1-150600.1.38 updated - python311-pandas-2.2.3-150600.1.39 updated - python311-scikit-learn-1.5.1-150600.1.40 updated - python311-open-webui-0.5.14-150600.1.29 updated - container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated From sle-container-updates at lists.suse.com Sat May 3 07:06:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:06:16 +0200 (CEST) Subject: SUSE-IU-2025:1239-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250503070616.C5676FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1239-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.166 , suse/sle-micro/base-5.5:latest Image Release : 5.8.166 Severity : important Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) The following package changes have been done: - libfreetype6-2.10.4-150000.4.22.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:06:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:06:17 +0200 (CEST) Subject: SUSE-IU-2025:1240-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250503070617.864F0FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1240-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.167 , suse/sle-micro/base-5.5:latest Image Release : 5.8.167 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:06:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:06:51 +0200 (CEST) Subject: SUSE-IU-2025:1242-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250503070651.6CE40FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1242-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.317 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.317 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.167 updated From sle-container-updates at lists.suse.com Sat May 3 07:07:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:07:45 +0200 (CEST) Subject: SUSE-IU-2025:1244-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250503070745.51794FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1244-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.374 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.374 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.286 updated From sle-container-updates at lists.suse.com Sat May 3 07:08:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:08:37 +0200 (CEST) Subject: SUSE-IU-2025:1246-1: Security update of suse/sle-micro/5.5 Message-ID: <20250503070837.D19CBFD12@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1246-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.286 , suse/sle-micro/5.5:latest Image Release : 5.5.286 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.167 updated From sle-container-updates at lists.suse.com Sat May 3 07:13:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:13:57 +0200 (CEST) Subject: SUSE-CU-2025:3045-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250503071357.D3820FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3045-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.125 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.125 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1435-1 Released: Fri May 2 12:39:10 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.9.14-150400.5.41.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:17:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:17:15 +0200 (CEST) Subject: SUSE-CU-2025:3047-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250503071715.D7D23FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3047-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.125 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.125 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1435-1 Released: Fri May 2 12:39:10 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.9.14-150400.5.41.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:18:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:18:18 +0200 (CEST) Subject: SUSE-CU-2025:3048-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250503071818.CE372FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3048-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.28 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.28 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:18:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:18:42 +0200 (CEST) Subject: SUSE-CU-2025:3049-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250503071842.05690FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3049-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.77 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.77 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1440-1 Released: Fri May 2 15:44:50 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.9.4-46.84.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:19:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:19:47 +0200 (CEST) Subject: SUSE-CU-2025:3051-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250503071947.422C8FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3051-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.76 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.76 , suse/ltss/sle15.3/sle15:latest Container Release : 2.76 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1439-1 Released: Fri May 2 15:44:33 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.9.7-150000.3.79.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:20:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:20:52 +0200 (CEST) Subject: SUSE-CU-2025:3053-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250503072052.95B83FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3053-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.38 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.38 , suse/ltss/sle15.4/sle15:latest Container Release : 2.38 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1435-1 Released: Fri May 2 12:39:10 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.9.14-150400.5.41.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:23:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:23:17 +0200 (CEST) Subject: SUSE-CU-2025:3054-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250503072317.56EEDFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3054-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.28 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.28 , suse/ltss/sle15.5/sle15:latest Container Release : 4.28 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:29:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:29:41 +0200 (CEST) Subject: SUSE-CU-2025:3068-1: Recommended update of bci/golang Message-ID: <20250503072941.1CE09FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3068-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.2 , bci/golang:1.24.2-1.36.1 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.36.1 Container Release : 36.1 Severity : important Type : recommended References : 1240764 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1428-1 Released: Fri May 2 09:54:49 2025 Summary: Recommended update for go1.24 Type: recommended Severity: important References: 1240764 This update for go1.24 fixes the following issues: - Fixed random segmentation faults (bsc#1240764) The following package changes have been done: - go1.24-doc-1.24.2-150000.1.20.1 updated - go1.24-1.24.2-150000.1.20.1 updated - go1.24-race-1.24.2-150000.1.20.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:30:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:30:41 +0200 (CEST) Subject: SUSE-CU-2025:3070-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250503073041.9A026FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3070-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.39 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.39 Severity : important Type : recommended References : ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) The following package changes have been done: - libfreetype6-2.10.4-150000.4.22.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:30:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:30:42 +0200 (CEST) Subject: SUSE-CU-2025:3071-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250503073042.8A269FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3071-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.40 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.40 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:31:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:31:31 +0200 (CEST) Subject: SUSE-CU-2025:3072-1: Security update of bci/kiwi Message-ID: <20250503073131.116CEFC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3072-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-23.2 , bci/kiwi:latest Container Release : 23.2 Severity : important Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-tools-2.10.3-150500.5.26.1 updated - libfreetype6-2.10.4-150000.4.22.1 updated - java-21-openjdk-headless-21.0.7.0-150600.3.12.1 updated - libxml2-devel-2.10.3-150500.5.26.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:32:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:32:36 +0200 (CEST) Subject: SUSE-CU-2025:3077-1: Security update of bci/openjdk-devel Message-ID: <20250503073236.A8E86FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3077-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-6.1 Container Release : 6.1 Severity : moderate Type : security References : 1175825 CVE-2020-8927 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). The following package changes have been done: - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added From sle-container-updates at lists.suse.com Sat May 3 07:32:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:32:37 +0200 (CEST) Subject: SUSE-CU-2025:3078-1: Recommended update of bci/openjdk-devel Message-ID: <20250503073237.748C4FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3078-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-6.3 Container Release : 6.3 Severity : important Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) The following package changes have been done: - libfreetype6-2.10.4-150000.4.22.1 updated - container:bci-openjdk-17-a9225edfdf033836b64a0c655fc9f34b6bda1c5f6d06b9535e29016b8af52853-0 updated From sle-container-updates at lists.suse.com Sat May 3 07:32:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:32:47 +0200 (CEST) Subject: SUSE-CU-2025:3079-1: Recommended update of bci/openjdk Message-ID: <20250503073247.31ADFFC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3079-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-6.1 Container Release : 6.1 Severity : important Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) The following package changes have been done: - libfreetype6-2.10.4-150000.4.22.1 updated From sle-container-updates at lists.suse.com Sat May 3 07:33:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 09:33:33 +0200 (CEST) Subject: SUSE-CU-2025:3081-1: Recommended update of bci/openjdk-devel Message-ID: <20250503073333.F13B3FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3081-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.7.0 , bci/openjdk-devel:21.0.7.0-35.3 , bci/openjdk-devel:latest Container Release : 35.3 Severity : important Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) The following package changes have been done: - libfreetype6-2.10.4-150000.4.22.1 updated - container:bci-openjdk-21-0a4a1f602c95aed7aa9e25c84962a893e064919cb7d7109a462aa3ad4d17b697-0 updated From sle-container-updates at lists.suse.com Sat May 3 15:53:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 17:53:22 +0200 (CEST) Subject: SUSE-CU-2025:3084-1: Security update of suse/bind Message-ID: <20250503155322.5C4EAFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3084-1 Container Tags : suse/bind:9 , suse/bind:9-38.4 , suse/bind:9.18 , suse/bind:9.18.33 , suse/bind:latest Container Release : 38.4 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated From sle-container-updates at lists.suse.com Sat May 3 15:57:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 17:57:09 +0200 (CEST) Subject: SUSE-CU-2025:3091-1: Security update of suse/nginx Message-ID: <20250503155709.1680AFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3091-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-52.4 , suse/nginx:latest Container Release : 52.4 Severity : important Type : security References : 1175825 1241453 1241551 CVE-2020-8927 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libxml2-2-2.10.3-150500.5.26.1 updated - libfreetype6-2.10.4-150000.4.22.1 updated - container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated From sle-container-updates at lists.suse.com Sat May 3 15:58:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 17:58:45 +0200 (CEST) Subject: SUSE-CU-2025:3081-1: Recommended update of bci/openjdk-devel Message-ID: <20250503155845.90B62FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3081-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.7.0 , bci/openjdk-devel:21.0.7.0-35.3 , bci/openjdk-devel:latest Container Release : 35.3 Severity : important Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) The following package changes have been done: - libfreetype6-2.10.4-150000.4.22.1 updated - container:bci-openjdk-21-0a4a1f602c95aed7aa9e25c84962a893e064919cb7d7109a462aa3ad4d17b697-0 updated From sle-container-updates at lists.suse.com Sat May 3 15:59:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 17:59:24 +0200 (CEST) Subject: SUSE-CU-2025:3095-1: Recommended update of bci/openjdk Message-ID: <20250503155924.46B2BFC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3095-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.7.0 , bci/openjdk:21.0.7.0-35.1 , bci/openjdk:latest Container Release : 35.1 Severity : important Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) The following package changes have been done: - libfreetype6-2.10.4-150000.4.22.1 updated - java-21-openjdk-headless-21.0.7.0-150600.3.12.1 updated - java-21-openjdk-21.0.7.0-150600.3.12.1 updated From sle-container-updates at lists.suse.com Sat May 3 16:00:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:00:01 +0200 (CEST) Subject: SUSE-CU-2025:3097-1: Security update of bci/php-apache Message-ID: <20250503160001.B69DEFD12@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3097-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.28 , bci/php-apache:8.2.28-50.4 , bci/php-apache:latest Container Release : 50.4 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated From sle-container-updates at lists.suse.com Sat May 3 16:00:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:00:37 +0200 (CEST) Subject: SUSE-CU-2025:3098-1: Security update of bci/php-fpm Message-ID: <20250503160037.ACD17FD1A@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3098-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.28 , bci/php-fpm:8.2.28-50.4 , bci/php-fpm:latest Container Release : 50.4 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated From sle-container-updates at lists.suse.com Sat May 3 16:01:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:01:06 +0200 (CEST) Subject: SUSE-CU-2025:3099-1: Security update of bci/php Message-ID: <20250503160106.17F57FD12@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3099-1 Container Tags : bci/php:8 , bci/php:8.2.28 , bci/php:8.2.28-50.4 , bci/php:latest Container Release : 50.4 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated From sle-container-updates at lists.suse.com Sat May 3 16:01:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:01:38 +0200 (CEST) Subject: SUSE-CU-2025:3100-1: Security update of suse/postgres Message-ID: <20250503160138.885D1FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3100-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-63.2 Container Release : 63.2 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated From sle-container-updates at lists.suse.com Sat May 3 16:01:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:01:54 +0200 (CEST) Subject: SUSE-CU-2025:3101-1: Security update of suse/postgres Message-ID: <20250503160154.1E944FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3101-1 Container Tags : suse/postgres:17 , suse/postgres:17.4 , suse/postgres:17.4 , suse/postgres:17.4-44.4 , suse/postgres:latest Container Release : 44.4 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated From sle-container-updates at lists.suse.com Sat May 3 16:04:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:04:27 +0200 (CEST) Subject: SUSE-CU-2025:3109-1: Security update of suse/mariadb Message-ID: <20250503160427.4780AFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3109-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-63.4 , suse/mariadb:latest Container Release : 63.4 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated From sle-container-updates at lists.suse.com Sat May 3 16:04:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:04:49 +0200 (CEST) Subject: SUSE-CU-2025:3110-1: Security update of suse/rmt-server Message-ID: <20250503160449.3268EFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3110-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-63.4 , suse/rmt-server:latest Container Release : 63.4 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated From sle-container-updates at lists.suse.com Sat May 3 16:07:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:07:12 +0200 (CEST) Subject: SUSE-CU-2025:3113-1: Security update of suse/sle15 Message-ID: <20250503160712.9FCB0FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3113-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.34 , suse/sle15:15.6 , suse/sle15:15.6.47.20.34 Container Release : 47.20.34 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated From sle-container-updates at lists.suse.com Sat May 3 16:07:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:07:54 +0200 (CEST) Subject: SUSE-CU-2025:3114-1: Security update of bci/spack Message-ID: <20250503160754.B3B5EFD12@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3114-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-8.4 , bci/spack:latest Container Release : 8.4 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated From sle-container-updates at lists.suse.com Sat May 3 16:09:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:09:37 +0200 (CEST) Subject: SUSE-CU-2025:3118-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250503160937.AD799FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3118-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.19 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.19 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1435-1 Released: Fri May 2 12:39:10 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - python3-libxml2-2.9.14-150400.5.41.1 updated From sle-container-updates at lists.suse.com Sat May 3 16:10:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:10:27 +0200 (CEST) Subject: SUSE-CU-2025:3120-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250503161027.1E0E3FD12@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3120-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.26 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.26 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1435-1 Released: Fri May 2 12:39:10 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.9.14-150400.5.41.1 updated - container:sles15-ltss-image-15.4.0-2.38 updated From sle-container-updates at lists.suse.com Sat May 3 16:11:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:11:13 +0200 (CEST) Subject: SUSE-CU-2025:3121-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20250503161113.6F06FFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3121-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.15 , suse/manager/4.3/proxy-squid:4.3.15.9.62.15 , suse/manager/4.3/proxy-squid:latest Container Release : 9.62.15 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1435-1 Released: Fri May 2 12:39:10 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.9.14-150400.5.41.1 updated - container:sles15-ltss-image-15.4.0-2.38 updated From sle-container-updates at lists.suse.com Sat May 3 16:14:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:14:14 +0200 (CEST) Subject: SUSE-CU-2025:3124-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250503161414.2B2C6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3124-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.117 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.117 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1439-1 Released: Fri May 2 15:44:33 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.9.7-150000.3.79.1 updated From sle-container-updates at lists.suse.com Sat May 3 16:18:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 3 May 2025 18:18:28 +0200 (CEST) Subject: SUSE-CU-2025:3127-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250503161828.92FE3FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3127-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.119 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.119 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1439-1 Released: Fri May 2 15:44:33 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.9.7-150000.3.79.1 updated From sle-container-updates at lists.suse.com Sun May 4 07:08:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 4 May 2025 09:08:01 +0200 (CEST) Subject: SUSE-CU-2025:3130-1: Security update of suse/pcp Message-ID: <20250504070801.A01AFFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3130-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-43.5 , suse/pcp:latest Container Release : 43.5 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:bci-bci-init-15.6-d60b9ffc68c5ccd005213c74dc06fd8c10dd7212837980b527862a5d740a6aff-0 updated From sle-container-updates at lists.suse.com Sun May 4 07:10:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 4 May 2025 09:10:12 +0200 (CEST) Subject: SUSE-CU-2025:3131-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250504071012.CA98CFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3131-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.33.4 , bci/bci-sle15-kernel-module-devel:latest Container Release : 33.4 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - libxml2-2-2.10.3-150500.5.26.1 updated - container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated From sle-container-updates at lists.suse.com Mon May 5 12:25:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 5 May 2025 14:25:52 +0200 (CEST) Subject: SUSE-IU-2025:1251-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250505122552.1CF78FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1251-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.168 , suse/sle-micro/base-5.5:latest Image Release : 5.8.168 Severity : important Type : recommended References : 1216938 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1446-1 Released: Mon May 5 08:04:03 2025 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1216938 This update for lvm2 fixes the following issues: - LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938) * set lvm.conf devices.multipath_wwids_file='' The following package changes have been done: - libdevmapper1_03-2.03.22_1.02.196-150500.7.15.1 updated - libdevmapper-event1_03-2.03.22_1.02.196-150500.7.15.1 updated - device-mapper-2.03.22_1.02.196-150500.7.15.1 updated - liblvm2cmd2_03-2.03.22-150500.7.15.1 updated - lvm2-2.03.22-150500.7.15.1 updated From sle-container-updates at lists.suse.com Mon May 5 12:28:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 5 May 2025 14:28:39 +0200 (CEST) Subject: SUSE-IU-2025:1254-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250505122839.02354FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1254-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.288 , suse/sle-micro/5.5:latest Image Release : 5.5.288 Severity : important Type : recommended References : 1216938 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1446-1 Released: Mon May 5 08:04:03 2025 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1216938 This update for lvm2 fixes the following issues: - LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938) * set lvm.conf devices.multipath_wwids_file='' The following package changes have been done: - libdevmapper1_03-2.03.22_1.02.196-150500.7.15.1 updated - libdevmapper-event1_03-2.03.22_1.02.196-150500.7.15.1 updated - device-mapper-2.03.22_1.02.196-150500.7.15.1 updated - liblvm2cmd2_03-2.03.22-150500.7.15.1 updated - lvm2-2.03.22-150500.7.15.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.168 updated From sle-container-updates at lists.suse.com Mon May 5 12:26:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 5 May 2025 14:26:35 +0200 (CEST) Subject: SUSE-IU-2025:1252-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250505122635.1A5AAFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1252-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.319 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.319 Severity : important Type : recommended References : 1216938 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1446-1 Released: Mon May 5 08:04:03 2025 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1216938 This update for lvm2 fixes the following issues: - LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938) * set lvm.conf devices.multipath_wwids_file='' The following package changes have been done: - libdevmapper1_03-2.03.22_1.02.196-150500.7.15.1 updated - libdevmapper-event1_03-2.03.22_1.02.196-150500.7.15.1 updated - device-mapper-2.03.22_1.02.196-150500.7.15.1 updated - liblvm2cmd2_03-2.03.22-150500.7.15.1 updated - lvm2-2.03.22-150500.7.15.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.168 updated From sle-container-updates at lists.suse.com Mon May 5 12:27:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 5 May 2025 14:27:37 +0200 (CEST) Subject: SUSE-IU-2025:1253-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250505122737.CC992FD12@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1253-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.377 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.377 Severity : important Type : recommended References : 1216938 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1446-1 Released: Mon May 5 08:04:03 2025 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1216938 This update for lvm2 fixes the following issues: - LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938) * set lvm.conf devices.multipath_wwids_file='' The following package changes have been done: - libdevmapper1_03-2.03.22_1.02.196-150500.7.15.1 updated - libdevmapper-event1_03-2.03.22_1.02.196-150500.7.15.1 updated - device-mapper-2.03.22_1.02.196-150500.7.15.1 updated - liblvm2cmd2_03-2.03.22-150500.7.15.1 updated - lvm2-2.03.22-150500.7.15.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.288 updated From sle-container-updates at lists.suse.com Tue May 6 07:05:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:05:22 +0200 (CEST) Subject: SUSE-IU-2025:1255-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250506070522.B7108FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1255-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.169 , suse/sle-micro/base-5.5:latest Image Release : 5.8.169 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Tue May 6 07:06:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:06:10 +0200 (CEST) Subject: SUSE-IU-2025:1256-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250506070610.DBB1CFC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1256-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.321 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.321 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.169 updated From sle-container-updates at lists.suse.com Tue May 6 07:07:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:07:14 +0200 (CEST) Subject: SUSE-IU-2025:1257-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250506070714.9C224FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1257-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.380 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.380 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.290 updated From sle-container-updates at lists.suse.com Tue May 6 07:08:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:08:25 +0200 (CEST) Subject: SUSE-IU-2025:1258-1: Security update of suse/sle-micro/5.5 Message-ID: <20250506070825.2600DFC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1258-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.290 , suse/sle-micro/5.5:latest Image Release : 5.5.290 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.169 updated From sle-container-updates at lists.suse.com Tue May 6 07:15:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:15:03 +0200 (CEST) Subject: SUSE-CU-2025:3151-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250506071503.9A403FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3151-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.127 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.127 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Tue May 6 07:19:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:19:16 +0200 (CEST) Subject: SUSE-CU-2025:3153-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250506071916.40763FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3153-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.127 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.127 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Tue May 6 07:20:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:20:36 +0200 (CEST) Subject: SUSE-CU-2025:3154-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250506072036.3A2FCFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3154-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.29 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.29 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Tue May 6 07:21:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:21:59 +0200 (CEST) Subject: SUSE-CU-2025:3156-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250506072159.172F4FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3156-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.78 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.78 , suse/ltss/sle15.3/sle15:latest Container Release : 2.78 Severity : moderate Type : security References : 1240897 1241020 1241078 CVE-2025-29087 CVE-2025-29088 CVE-2025-3360 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1457-1 Released: Mon May 5 12:56:32 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.27.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Tue May 6 07:23:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:23:14 +0200 (CEST) Subject: SUSE-CU-2025:3158-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250506072314.D3487FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3158-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.39 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.39 , suse/ltss/sle15.4/sle15:latest Container Release : 2.39 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Tue May 6 07:26:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:26:06 +0200 (CEST) Subject: SUSE-CU-2025:3159-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250506072606.AC1C3FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3159-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.29 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.29 , suse/ltss/sle15.5/sle15:latest Container Release : 4.29 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Tue May 6 07:26:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:26:53 +0200 (CEST) Subject: SUSE-CU-2025:3160-1: Security update of suse/389-ds Message-ID: <20250506072653.D7513FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3160-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-37.5 , suse/389-ds:latest Container Release : 37.5 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Tue May 6 07:28:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:28:37 +0200 (CEST) Subject: SUSE-CU-2025:3164-1: Security update of suse/cosign Message-ID: <20250506072837.01B6FFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3164-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.0 , suse/cosign:2.5.0-3.4 , suse/cosign:latest Container Release : 3.4 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Tue May 6 07:34:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:34:22 +0200 (CEST) Subject: SUSE-CU-2025:3174-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250506073422.D90E6FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3174-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.42 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.42 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Tue May 6 07:36:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:36:00 +0200 (CEST) Subject: SUSE-CU-2025:3176-1: Security update of bci/kiwi Message-ID: <20250506073600.BA268FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3176-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-23.7 , bci/kiwi:latest Container Release : 23.7 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Tue May 6 07:38:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:38:00 +0200 (CEST) Subject: SUSE-CU-2025:3180-1: Security update of bci/openjdk-devel Message-ID: <20250506073800.AF877FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3180-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.14.0 , bci/openjdk-devel:17.0.14.0-6.7 Container Release : 6.7 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:bci-openjdk-17-c2f15014ed68e51ecb2913fc23ebf597ac3699871e5ff1134af86af1af45f43e-0 updated From sle-container-updates at lists.suse.com Tue May 6 07:38:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:38:14 +0200 (CEST) Subject: SUSE-CU-2025:3181-1: Security update of bci/openjdk Message-ID: <20250506073814.5ACB4FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3181-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.14.0 , bci/openjdk:17.0.14.0-6.5 Container Release : 6.5 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Tue May 6 07:39:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:39:07 +0200 (CEST) Subject: SUSE-CU-2025:3182-1: Security update of bci/openjdk Message-ID: <20250506073907.A3979FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3182-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.7.0 , bci/openjdk:21.0.7.0-35.5 , bci/openjdk:latest Container Release : 35.5 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Tue May 6 07:43:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:43:35 +0200 (CEST) Subject: SUSE-CU-2025:3187-1: Security update of bci/python Message-ID: <20250506074335.15FD1FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3187-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-64.5 Container Release : 64.5 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Tue May 6 07:44:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:44:32 +0200 (CEST) Subject: SUSE-CU-2025:3188-1: Security update of bci/python Message-ID: <20250506074432.5F5A6FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3188-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-65.5 , bci/python:latest Container Release : 65.5 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Tue May 6 07:45:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:45:25 +0200 (CEST) Subject: SUSE-CU-2025:3189-1: Security update of bci/python Message-ID: <20250506074525.9777CFC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3189-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-62.5 Container Release : 62.5 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Tue May 6 07:46:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 May 2025 09:46:03 +0200 (CEST) Subject: SUSE-CU-2025:3190-1: Security update of suse/rmt-server Message-ID: <20250506074603.E0C17FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3190-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-63.6 , suse/rmt-server:latest Container Release : 63.6 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Wed May 7 07:04:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:04:22 +0200 (CEST) Subject: SUSE-CU-2025:3193-1: Security update of containers/pytorch Message-ID: <20250507070422.5B73DFC2E@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3193-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.5.0-nvidia , containers/pytorch:2.5.0-nvidia-1.34 Container Release : 1.34 Severity : important Type : security References : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 1227637 1233307 1234015 1234128 1234713 1236165 1236643 1236886 1237374 1237606 1238450 1238610 1239210 1239618 1239883 1240414 1241453 1241551 CVE-2024-11168 CVE-2024-8176 CVE-2025-1632 CVE-2025-1795 CVE-2025-25724 CVE-2025-31115 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:915-1 Released: Wed Mar 19 08:04:05 2025 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1220893,1220895,1220896,1225936,1225939,1225941,1225942 This update for libgcrypt fixes the following issues: - FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939] - FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939] - FIPS: Disable setting the library in non-FIPS mode [bsc#1220893] - FIPS: Disallow rsa < 2048 [bsc#1225941] * Mark RSA operations with keysize < 2048 as non-approved in the SLI - FIPS: Service level indicator for libgcrypt [bsc#1225939] - FIPS: Consider deprecate sha1 [bsc#1225942] * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at the end of 2030. Mark SHA1 as non-approved in SLI. - FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936] * cipher: Do not run RSA encryption selftest by default - FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the whole length entropy buffer in FIPS mode. [bsc#1220893] - FIPS: Set the FSM into error state if Jitter RNG is returning an error code to the caller when an health test error occurs when random bytes are requested through the jent_read_entropy_safe() function. [bsc#1220895] - FIPS: Replace the built-in jitter rng with standalone version * Remove the internal jitterentropy copy [bsc#1220896] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:969-1 Released: Thu Mar 20 14:28:47 2025 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1227637,1236165 This update for crypto-policies fixes the following issues: - Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637). - tolerate fips dracut module presence w/o FIPS * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode (bsc#1236165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:982-1 Released: Fri Mar 21 15:17:03 2025 Summary: Security update for python311 Type: security Severity: low References: 1238450,1239210,CVE-2025-1795 This update for python311 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:985-1 Released: Fri Mar 21 18:45:14 2025 Summary: Security update for libarchive Type: security Severity: moderate References: 1237606,1238610,CVE-2025-1632,CVE-2025-25724 This update for libarchive fixes the following issues: - CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606) - CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1016-1 Released: Tue Mar 25 15:59:05 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236643,1236886 This update for systemd fixes the following issues: - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - journald: close runtime journals before their parent directory removed - journald: reset runtime seqnum data when flushing to system journal (bsc#1236886) - Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643) It is likely an oversight from when systemd-userdb was migrated from the experimental package to the main one. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) The following package changes have been done: - glibc-2.38-150600.14.26.1 updated - crypto-policies-20230920.570ea89-150600.3.9.2 updated - cuda-cccl-12-8-12.8.90-150600.4.1 added - cuda-crt-12-8-12.8.93-150600.4.1 added - cuda-nvrtc-12-8-12.8.93-150600.4.1 added - cuda-nvvm-12-8-12.8.93-150600.4.1 added - cuda-toolkit-12-8-config-common-12.8.90-150600.4.1 added - cuda-toolkit-12-config-common-12.8.90-150600.4.1 updated - cuda-toolkit-config-common-12.8.90-150600.4.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libsqlite3-0-3.46.0-150600.1.10 updated - libudev1-254.24-150600.4.28.1 updated - libzstd1-1.5.6-150600.1.10 updated - libnvjitlink-12-8-12.8.93-150600.4.1 added - libcurand-12-8-10.3.9.90-150600.4.1 added - libcufft-12-8-11.3.3.83-150600.4.1 added - libcublas-12-8-12.8.4.1-150600.2.1 added - cuda-cudart-12-8-12.8.90-150600.4.1 added - pkg-config-0.29.2-150600.15.6.3 updated - libgobject-2_0-0-2.78.6-150600.4.11.1 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libgcrypt20-1.10.3-150600.3.6.1 updated - libxml2-2-2.10.3-150500.5.26.1 updated - libprotobuf25_5_0-25.5-150600.2.61 updated - libcusparse-12-8-12.5.8.93-150600.4.1 added - cuda-nvtx-12-8-12.8.90-150600.4.1 added - cuda-driver-devel-12-8-12.8.90-150600.2.1 added - libpython3_11-1_0-3.11.11-150600.3.21.1 updated - python311-base-3.11.11-150600.3.21.1 updated - libarchive13-3.7.2-150600.3.12.1 updated - python3-base-3.6.15-150300.10.84.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - libcusolver-12-8-11.7.3.90-150600.4.1 added - glibc-devel-2.38-150600.14.29.1 updated - libgio-2_0-0-2.78.6-150600.4.11.1 updated - glib2-tools-2.78.6-150600.4.11.1 updated - python311-typing_extensions-4.12.2-150600.1.12 updated - python311-six-1.16.0-150600.1.13 updated - python311-protobuf-4.25.5-150600.2.61 updated - python311-numpy-2.1.1-150600.1.37 updated - python311-torch-cuda-2.5.0-150600.2.18 updated - container:registry.suse.com-bci-bci-base-15.6.47.5.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated - cuda-cccl-12-5-12.5.39-150600.2.3 removed - cuda-crt-12-5-12.5.82-150600.2.3 removed - cuda-cudart-12-5-12.5.82-150600.2.3 removed - cuda-driver-devel-12-5-12.5.82-150600.1.14 removed - cuda-nvrtc-12-5-12.5.82-150600.2.3 removed - cuda-nvtx-12-5-12.5.82-150600.2.3 removed - cuda-nvvm-12-5-12.5.82-150600.2.3 removed - cuda-toolkit-12-5-config-common-12.5.82-150600.2.3 removed - libcublas-12-5-12.5.3.2-150600.1.12 removed - libcufft-12-5-11.2.3.61-150600.2.3 removed - libcurand-12-5-10.3.6.82-150600.2.3 removed - libcusolver-12-5-11.6.3.83-150600.2.3 removed - libcusparse-12-5-12.5.1.3-150600.2.3 removed - libnvjitlink-12-5-12.5.82-150600.2.3 removed From sle-container-updates at lists.suse.com Wed May 7 07:26:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:26:47 +0200 (CEST) Subject: SUSE-CU-2025:3234-1: Security update of bci/openjdk-devel Message-ID: <20250507072647.EB332FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3234-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.15.0 , bci/openjdk-devel:17.0.15.0-7.1 Container Release : 7.1 Severity : important Type : security References : 1241274 1241275 1241276 CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1490-1 Released: Tue May 6 13:48:24 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1241274,1241275,1241276,CVE-2025-21587,CVE-2025-30691,CVE-2025-30698 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 (April 2025 CPU) CVEs: + CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) + CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) + CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG + JDK-8065099: [macos] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java fails: no background shine through + JDK-8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac + JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java throws NPE + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8266435: WBMPImageReader.read() should not truncate the input stream + JDK-8267893: Improve jtreg test failure handler do get native/mixed stack traces for cores and live processes + JDK-8270961: [TESTBUG] Move GotWrongOOMEException into vm.share.gc package + JDK-8274893: Update java.desktop classes to use try-with-resources + JDK-8276202: LogFileOutput.invalid_file_vm asserts when being executed from a read only working directory + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8281234: The -protected option is not always checked in keytool and jarsigner + JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may leak memory + JDK-8283387: [macos] a11y : Screen magnifier does not show selected Tab + JDK-8283404: [macos] a11y : Screen magnifier does not show JMenu name + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8290400: Must run exe installers in jpackage jtreg tests without UI + JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/ /MultiScreenLocationTest.java: Robot.mouseMove test failed on Screen #0 + JDK-8292704: sun/security/tools/jarsigner/compatibility/ /Compatibility.java use wrong key size for EC + JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8 with hard-coded isOel7 + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8293412: Remove unnecessary java.security.egd overrides + JDK-8294067: [macOS] javax/swing/JComboBox/6559152/ /bug6559152.java Cannot select an item from popup with the ENTER key. + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295087: Manual Test to Automated Test Conversion + JDK-8295176: some langtools test pollutes source tree + JDK-8296591: Signature benchmark + JDK-8296818: Enhance JMH tests java/security/Signatures.java + JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea provides no visual indication of keyboard focus + JDK-8299127: [REDO] JDK-8194048 Regression automated test '/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/ /HidingSelectionTest.java' fails + JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/ /DefaultCaret/HidingSelection/MultiSelectionTest.java fails + JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java can fail with java.lang.NullPointerException + JDK-8299994: java/security/Policy/Root/Root.java fails when home directory is read-only + JDK-8301989: new javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE + JDK-8302111: Serialization considerations + JDK-8305853: java/text/Format/DateFormat/ /DateFormatRegression.java fails with 'Uncaught exception thrown in test method Test4089106' + JDK-8306711: Improve diagnosis of `IntlTest` framework + JDK-8308341: JNI_GetCreatedJavaVMs returns a partially initialized JVM + JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java fails after JDK-8308341 + JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java + JDK-8309740: Expand timeout windows for tests in JDK-8179502 + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310234: Refactor Locale tests to use JUnit + JDK-8310629: java/security/cert/CertPathValidator/OCSP/ /OCSPTimeout.java fails with RuntimeException: Server not ready + JDK-8311306: Test com/sun/management/ThreadMXBean/ /ThreadCpuTimeArray.java failed: out of expected range + JDK-8311546: Certificate name constraints improperly validated with leading period + JDK-8311663: Additional refactoring of Locale tests to JUnit + JDK-8312416: Tests in Locale should have more descriptive names + JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313710: jcmd: typo in the documentation of JFR.start and JFR.dump + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned + JDK-8314610: hotspot can't compile with the latest of gtest because of + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8314975: JavadocTester should set source path if not specified + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316559: Refactor some util/Calendar tests to JUnit + JDK-8316627: JViewport Test headless failure + JDK-8316696: Remove the testing base classes: IntlTest and CollatorTest + JDK-8317631: Refactor ChoiceFormat tests to use JUnit + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes + JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux + JDK-8319567: Update java/lang/invoke tests to support vm flags + JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/ /CallerAccessTest.java to accept vm flags + JDK-8319569: Several java/util tests should be updated to accept VM flags + JDK-8319647: Few java/lang/System/LoggerFinder/modules tests ignore vm flags + JDK-8319648: java/lang/SecurityManager tests ignore vm flags + JDK-8319672: Several classloader tests ignore VM flags + JDK-8319673: Few security tests ignore VM flags + JDK-8319676: A couple of jdk/modules/incubator/ tests ignore VM flags + JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java should be marked as flagless + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1 + JDK-8320691: Timeout handler on Windows takes 2 hours to complete + JDK-8320714: java/util/Locale/LocaleProvidersRun.java and java/util/ResourceBundle/modules/visibility/ /VisibilityTest.java timeout after passing + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with 'OutOfMemoryError: GC overhead limit exceeded' + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because '' is null' + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with 'Events are not ordered! Reuse = false' + JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java now() to be more robust + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2 + JDK-8325024: java/security/cert/CertPathValidator/OCSP( /OCSPTimeout.java incorrect comment information + JDK-8325042: Remove unused JVMDITools test files + JDK-8325529: Remove unused imports from `ModuleGenerator` test file + JDK-8325659: Normalize Random usage by incubator vector tests + JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/ /compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed + JDK-8325908: Finish removal of IntlTest and CollatorTest + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes 'monitor end should be strictly below the frame pointer' assertion failure on AArch64 + JDK-8326421: Add jtreg test for large arrayCopy disjoint case. + JDK-8326525: com/sun/tools/attach/BasicTests.java does not verify AgentLoadException case + JDK-8327098: GTest needs larger combination limit + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8327505: Test com/sun/jmx/remote/ /NotificationMarshalVersions/TestSerializationMismatch.java fails + JDK-8327857: Remove applet usage from JColorChooser tests Test4222508 + JDK-8327859: Remove applet usage from JColorChooser tests Test4319113 + JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm + JDK-8328005: Convert java/awt/im/JTextFieldTest.java applet test to main + JDK-8328085: C2: Use after free in PhaseChaitin::Register_Allocate() + JDK-8328121: Remove applet usage from JColorChooser tests Test4759306 + JDK-8328130: Remove applet usage from JColorChooser tests Test4759934 + JDK-8328185: Convert java/awt/image/MemoryLeakTest/ /MemoryLeakTest.java applet test to main + JDK-8328227: Remove applet usage from JColorChooser tests Test4887836 + JDK-8328368: Convert java/awt/image/multiresolution/ /MultiDisplayTest/MultiDisplayTest.java applet test to main + JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java applet test to main + JDK-8328380: Remove applet usage from JColorChooser tests Test6348456 + JDK-8328387: Convert java/awt/Frame/FrameStateTest/ /FrameStateTest.html applet test to main + JDK-8328403: Remove applet usage from JColorChooser tests Test6977726 + JDK-8328553: Get rid of JApplet in test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java + JDK-8328558: Convert javax/swing/JCheckBox/8032667/ /bug8032667.java applet test to main + JDK-8328717: Convert javax/swing/JColorChooser/8065098/ /bug8065098.java applet test to main + JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html applet test to main + JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html applet test to main + JDK-8328753: Open source few Undecorated Frame tests + JDK-8328819: Remove applet usage from JFileChooser tests bug6698013 + JDK-8328827: Convert java/awt/print/PrinterJob/ /PrinterDialogsModalityTest/PrinterDialogsModalityTest.html applet test to main + JDK-8329210: Delete Redundant Printer Dialog Modality Test + JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java test + JDK-8329322: Convert PageFormat/Orient.java to use PassFailJFrame + JDK-8329692: Add more details to FrameStateTest.java test instructions + JDK-8330702: Update failure handler to don't generate Error message if cores actions are empty + JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/ /EnterExitEvents/ResizingFrameTest.java + JDK-8332917: failure_handler should execute gdb 'info threads' command on linux + JDK-8333360: PrintNullString.java doesn't use float arguments + JDK-8333391: Test com/sun/jdi/InterruptHangTest.java failed: Thread was never interrupted during sleep + JDK-8333403: Write a test to check various components events are triggered properly + JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows + JDK-8334305: Remove all code for nsk.share.Log verbose mode + JDK-8334490: Normalize string with locale invariant `toLowerCase()` + JDK-8334777: Test javax/management/remote/mandatory/notif/ /NotifReconnectDeadlockTest.java failed with NullPointerException + JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment + JDK-8335172: Add manual steps to run security/auth/callback/ /TextCallbackHandler/Password.java test + JDK-8335789: [TESTBUG] XparColor.java test fails with Error. Parse Exception: Invalid or unrecognized bugid: @ + JDK-8336012: Fix usages of jtreg-reserved properties + JDK-8336498: [macos] [build]: install-file macro may run into permission denied error + JDK-8336692: Redo fix for JDK-8284620 + JDK-8336942: Improve test coverage for class loading elements with annotations of different retentions + JDK-8337222: gc/TestDisableExplicitGC.java fails due to unexpected CodeCache GC + JDK-8337494: Clarify JarInputStream behavior + JDK-8337692: Better TLS connection support + JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 + JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java fails in OEL due to a slight color difference + JDK-8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation + JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca))) failed: control must not be back in the loop + JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java failed + JDK-8338430: Improve compiler transformations + JDK-8338571: [TestBug] DefaultCloseOperation.java test not working as expected wrt instruction after JDK-8325851 fix + JDK-8338595: Add more linesize for MIME decoder in macro bench test Base64Decode + JDK-8338668: Test javax/swing/JFileChooser/8080628/ /bug8080628.java doesn't test for GTK L&F + JDK-8339154: Cleanups and JUnit conversion of test/jdk/java/util/zip/Available.java + JDK-8339261: Logs truncated in test javax/net/ssl/DTLS/DTLSRehandshakeTest.java + JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8339524: Clean up a few ExtendedRobot tests + JDK-8339687: Rearrange reachabilityFence()s in jdk.test.lib.util.ForceGC + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339883: Open source several AWT/2D related tests + JDK-8339902: Open source couple TextField related tests + JDK-8339943: Frame not disposed in java/awt/dnd/DropActionChangeTest.java + JDK-8340078: Open source several 2D tests + JDK-8340116: test/jdk/sun/security/tools/jarsigner/ /PreserveRawManifestEntryAndDigest.java can fail due to regex + JDK-8340411: open source several 2D imaging tests + JDK-8340480: Bad copyright notices in changes from JDK-8339902 + JDK-8340687: Open source closed frame tests #1 + JDK-8340719: Open source AWT List tests + JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java should be marked as flagless + JDK-8341037: Use standard layouts in DefaultFrameIconTest.java and MenuCrash.java + JDK-8341111: open source several AWT tests including menu shortcut tests + JDK-8341316: [macos] javax/swing/ProgressMonitor/ /ProgressMonitorEscapeKeyPress.java fails sometimes in macos + JDK-8341412: Various test failures after JDK-8334305 + JDK-8341424: GHA: Collect hs_errs from build time failures + JDK-8341453: java/awt/a11y/AccessibleJTableTest.java fails in some cases where the test tables are not visible + JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang + JDK-8341881: [REDO] java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java#tmp fails on alinux3 + JDK-8341978: Improve JButton/bug4490179.java + JDK-8341982: Simplify JButton/bug4323121.java + JDK-8342098: Write a test to compare the images + JDK-8342145: File libCreationTimeHelper.c compile fails on Alpine + JDK-8342270: Test sun/security/pkcs11/Provider/ /RequiredMechCheck.java needs write access to src tree + JDK-8342498: Add test for Allocation elimination after use as alignment reference by SuperWord + JDK-8342508: Use latch in BasicMenuUI/bug4983388.java instead of delay + JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java from running on macOS + JDK-8342562: Enhance Deflater operations + JDK-8342602: Remove JButton/PressedButtonRightClickTest test + JDK-8342607: Enhance register printing on x86_64 platforms + JDK-8342609: jpackage test helper function incorrectly removes a directory instead of its contents only + JDK-8342634: javax/imageio/plugins/wbmp/ /WBMPStreamTruncateTest.java creates temp file in src dir + JDK-8342635: javax/swing/JFileChooser/FileSystemView/ /WindowsDefaultIconSizeTest.java creates tmp file in src dir + JDK-8342704: GHA: Report truncation is broken after JDK-8341424 + JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java failed: Unexpected connection count: 5 + JDK-8342858: Make target mac-jdk-bundle fails on chmod command + JDK-8342988: GHA: Build JTReg in single step + JDK-8343007: Enhance Buffered Image handling + JDK-8343100: Consolidate EmptyFolderTest and EmptyFolderPackageTest jpackage tests into single java file + JDK-8343101: Rework BasicTest.testTemp test cases + JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/ /PrintCheckboxManualTest.java fails with Error. Can't find HTML file PrintCheckboxManualTest.html + JDK-8343128: PassFailJFrame.java test result: Error. Bad action for script: build} + JDK-8343129: Disable unstable check of ThreadsListHandle.sanity_vm ThreadList values + JDK-8343178: Test BasicTest.java javac compile fails cannot find symbol + JDK-8343378: Exceptions in javax/management DeadLockTest.java do not cause test failure + JDK-8343491: javax/management/remote/mandatory/connection/ /DeadLockTest.java failing with NoSuchObjectException: no such object in table + JDK-8343599: Kmem limit and max values swapped when printing container information + JDK-8343724: [PPC64] Disallow OptoScheduling + JDK-8343882: BasicAnnoTests doesn't handle multiple annotations at the same position + JDK-8344581: [TESTBUG] java/awt/Robot/ /ScreenCaptureRobotTest.java failing on macOS + JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19 + JDK-8344646: The libjsig deprecation warning should go to stderr not stdout + JDK-8345296: AArch64: VM crashes with SIGILL when prctl is disallowed + JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java fails on Windows Server 2025 + JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15 + JDK-8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java + JDK-8345414: Google CAInterop test failures + JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/ /bug4865918.java fails in ubuntu22.04 + JDK-8346055: javax/swing/text/StyledEditorKit/4506788/ /bug4506788.java fails in ubuntu22.04 + JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java fails in CI + JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + JDK-8346671: java/nio/file/Files/probeContentType/Basic.java fails on Windows 2025 + JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java still fails in CI + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8346908: Update JDK 17 javadoc man page + JDK-8346972: Test java/nio/channels/FileChannel/ /LoopingTruncate.java fails sometimes with IOException: There is not enough space on the disk + JDK-8347424: Fix and rewrite sun/security/x509/DNSName/LeadingPeriod.java test + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header + JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java failing + JDK-8347847: Enhance jar file support + JDK-8347965: (tz) Update Timezone Data to 2025a + JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old java.awt.headless behavior on Windows + JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates + JDK-8352097: (tz) zone.tab update missed in 2025a backport + JDK-8353905: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15 The following package changes have been done: - java-17-openjdk-headless-17.0.15.0-150400.3.54.1 updated - java-17-openjdk-17.0.15.0-150400.3.54.1 updated - java-17-openjdk-devel-17.0.15.0-150400.3.54.1 updated From sle-container-updates at lists.suse.com Wed May 7 07:26:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:26:57 +0200 (CEST) Subject: SUSE-CU-2025:3235-1: Security update of bci/openjdk Message-ID: <20250507072657.E1A93FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3235-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.15.0 , bci/openjdk:17.0.15.0-7.1 Container Release : 7.1 Severity : important Type : security References : 1241274 1241275 1241276 CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1490-1 Released: Tue May 6 13:48:24 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1241274,1241275,1241276,CVE-2025-21587,CVE-2025-30691,CVE-2025-30698 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 (April 2025 CPU) CVEs: + CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) + CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) + CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG + JDK-8065099: [macos] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java fails: no background shine through + JDK-8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac + JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java throws NPE + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8266435: WBMPImageReader.read() should not truncate the input stream + JDK-8267893: Improve jtreg test failure handler do get native/mixed stack traces for cores and live processes + JDK-8270961: [TESTBUG] Move GotWrongOOMEException into vm.share.gc package + JDK-8274893: Update java.desktop classes to use try-with-resources + JDK-8276202: LogFileOutput.invalid_file_vm asserts when being executed from a read only working directory + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8281234: The -protected option is not always checked in keytool and jarsigner + JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may leak memory + JDK-8283387: [macos] a11y : Screen magnifier does not show selected Tab + JDK-8283404: [macos] a11y : Screen magnifier does not show JMenu name + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8290400: Must run exe installers in jpackage jtreg tests without UI + JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/ /MultiScreenLocationTest.java: Robot.mouseMove test failed on Screen #0 + JDK-8292704: sun/security/tools/jarsigner/compatibility/ /Compatibility.java use wrong key size for EC + JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8 with hard-coded isOel7 + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8293412: Remove unnecessary java.security.egd overrides + JDK-8294067: [macOS] javax/swing/JComboBox/6559152/ /bug6559152.java Cannot select an item from popup with the ENTER key. + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295087: Manual Test to Automated Test Conversion + JDK-8295176: some langtools test pollutes source tree + JDK-8296591: Signature benchmark + JDK-8296818: Enhance JMH tests java/security/Signatures.java + JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea provides no visual indication of keyboard focus + JDK-8299127: [REDO] JDK-8194048 Regression automated test '/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/ /HidingSelectionTest.java' fails + JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/ /DefaultCaret/HidingSelection/MultiSelectionTest.java fails + JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java can fail with java.lang.NullPointerException + JDK-8299994: java/security/Policy/Root/Root.java fails when home directory is read-only + JDK-8301989: new javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE + JDK-8302111: Serialization considerations + JDK-8305853: java/text/Format/DateFormat/ /DateFormatRegression.java fails with 'Uncaught exception thrown in test method Test4089106' + JDK-8306711: Improve diagnosis of `IntlTest` framework + JDK-8308341: JNI_GetCreatedJavaVMs returns a partially initialized JVM + JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java fails after JDK-8308341 + JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java + JDK-8309740: Expand timeout windows for tests in JDK-8179502 + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310234: Refactor Locale tests to use JUnit + JDK-8310629: java/security/cert/CertPathValidator/OCSP/ /OCSPTimeout.java fails with RuntimeException: Server not ready + JDK-8311306: Test com/sun/management/ThreadMXBean/ /ThreadCpuTimeArray.java failed: out of expected range + JDK-8311546: Certificate name constraints improperly validated with leading period + JDK-8311663: Additional refactoring of Locale tests to JUnit + JDK-8312416: Tests in Locale should have more descriptive names + JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313710: jcmd: typo in the documentation of JFR.start and JFR.dump + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned + JDK-8314610: hotspot can't compile with the latest of gtest because of + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8314975: JavadocTester should set source path if not specified + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316559: Refactor some util/Calendar tests to JUnit + JDK-8316627: JViewport Test headless failure + JDK-8316696: Remove the testing base classes: IntlTest and CollatorTest + JDK-8317631: Refactor ChoiceFormat tests to use JUnit + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes + JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux + JDK-8319567: Update java/lang/invoke tests to support vm flags + JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/ /CallerAccessTest.java to accept vm flags + JDK-8319569: Several java/util tests should be updated to accept VM flags + JDK-8319647: Few java/lang/System/LoggerFinder/modules tests ignore vm flags + JDK-8319648: java/lang/SecurityManager tests ignore vm flags + JDK-8319672: Several classloader tests ignore VM flags + JDK-8319673: Few security tests ignore VM flags + JDK-8319676: A couple of jdk/modules/incubator/ tests ignore VM flags + JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java should be marked as flagless + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1 + JDK-8320691: Timeout handler on Windows takes 2 hours to complete + JDK-8320714: java/util/Locale/LocaleProvidersRun.java and java/util/ResourceBundle/modules/visibility/ /VisibilityTest.java timeout after passing + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with 'OutOfMemoryError: GC overhead limit exceeded' + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because '' is null' + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with 'Events are not ordered! Reuse = false' + JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java now() to be more robust + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2 + JDK-8325024: java/security/cert/CertPathValidator/OCSP( /OCSPTimeout.java incorrect comment information + JDK-8325042: Remove unused JVMDITools test files + JDK-8325529: Remove unused imports from `ModuleGenerator` test file + JDK-8325659: Normalize Random usage by incubator vector tests + JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/ /compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed + JDK-8325908: Finish removal of IntlTest and CollatorTest + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes 'monitor end should be strictly below the frame pointer' assertion failure on AArch64 + JDK-8326421: Add jtreg test for large arrayCopy disjoint case. + JDK-8326525: com/sun/tools/attach/BasicTests.java does not verify AgentLoadException case + JDK-8327098: GTest needs larger combination limit + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8327505: Test com/sun/jmx/remote/ /NotificationMarshalVersions/TestSerializationMismatch.java fails + JDK-8327857: Remove applet usage from JColorChooser tests Test4222508 + JDK-8327859: Remove applet usage from JColorChooser tests Test4319113 + JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm + JDK-8328005: Convert java/awt/im/JTextFieldTest.java applet test to main + JDK-8328085: C2: Use after free in PhaseChaitin::Register_Allocate() + JDK-8328121: Remove applet usage from JColorChooser tests Test4759306 + JDK-8328130: Remove applet usage from JColorChooser tests Test4759934 + JDK-8328185: Convert java/awt/image/MemoryLeakTest/ /MemoryLeakTest.java applet test to main + JDK-8328227: Remove applet usage from JColorChooser tests Test4887836 + JDK-8328368: Convert java/awt/image/multiresolution/ /MultiDisplayTest/MultiDisplayTest.java applet test to main + JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java applet test to main + JDK-8328380: Remove applet usage from JColorChooser tests Test6348456 + JDK-8328387: Convert java/awt/Frame/FrameStateTest/ /FrameStateTest.html applet test to main + JDK-8328403: Remove applet usage from JColorChooser tests Test6977726 + JDK-8328553: Get rid of JApplet in test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java + JDK-8328558: Convert javax/swing/JCheckBox/8032667/ /bug8032667.java applet test to main + JDK-8328717: Convert javax/swing/JColorChooser/8065098/ /bug8065098.java applet test to main + JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html applet test to main + JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html applet test to main + JDK-8328753: Open source few Undecorated Frame tests + JDK-8328819: Remove applet usage from JFileChooser tests bug6698013 + JDK-8328827: Convert java/awt/print/PrinterJob/ /PrinterDialogsModalityTest/PrinterDialogsModalityTest.html applet test to main + JDK-8329210: Delete Redundant Printer Dialog Modality Test + JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java test + JDK-8329322: Convert PageFormat/Orient.java to use PassFailJFrame + JDK-8329692: Add more details to FrameStateTest.java test instructions + JDK-8330702: Update failure handler to don't generate Error message if cores actions are empty + JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/ /EnterExitEvents/ResizingFrameTest.java + JDK-8332917: failure_handler should execute gdb 'info threads' command on linux + JDK-8333360: PrintNullString.java doesn't use float arguments + JDK-8333391: Test com/sun/jdi/InterruptHangTest.java failed: Thread was never interrupted during sleep + JDK-8333403: Write a test to check various components events are triggered properly + JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows + JDK-8334305: Remove all code for nsk.share.Log verbose mode + JDK-8334490: Normalize string with locale invariant `toLowerCase()` + JDK-8334777: Test javax/management/remote/mandatory/notif/ /NotifReconnectDeadlockTest.java failed with NullPointerException + JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment + JDK-8335172: Add manual steps to run security/auth/callback/ /TextCallbackHandler/Password.java test + JDK-8335789: [TESTBUG] XparColor.java test fails with Error. Parse Exception: Invalid or unrecognized bugid: @ + JDK-8336012: Fix usages of jtreg-reserved properties + JDK-8336498: [macos] [build]: install-file macro may run into permission denied error + JDK-8336692: Redo fix for JDK-8284620 + JDK-8336942: Improve test coverage for class loading elements with annotations of different retentions + JDK-8337222: gc/TestDisableExplicitGC.java fails due to unexpected CodeCache GC + JDK-8337494: Clarify JarInputStream behavior + JDK-8337692: Better TLS connection support + JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 + JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java fails in OEL due to a slight color difference + JDK-8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation + JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca))) failed: control must not be back in the loop + JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java failed + JDK-8338430: Improve compiler transformations + JDK-8338571: [TestBug] DefaultCloseOperation.java test not working as expected wrt instruction after JDK-8325851 fix + JDK-8338595: Add more linesize for MIME decoder in macro bench test Base64Decode + JDK-8338668: Test javax/swing/JFileChooser/8080628/ /bug8080628.java doesn't test for GTK L&F + JDK-8339154: Cleanups and JUnit conversion of test/jdk/java/util/zip/Available.java + JDK-8339261: Logs truncated in test javax/net/ssl/DTLS/DTLSRehandshakeTest.java + JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8339524: Clean up a few ExtendedRobot tests + JDK-8339687: Rearrange reachabilityFence()s in jdk.test.lib.util.ForceGC + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339883: Open source several AWT/2D related tests + JDK-8339902: Open source couple TextField related tests + JDK-8339943: Frame not disposed in java/awt/dnd/DropActionChangeTest.java + JDK-8340078: Open source several 2D tests + JDK-8340116: test/jdk/sun/security/tools/jarsigner/ /PreserveRawManifestEntryAndDigest.java can fail due to regex + JDK-8340411: open source several 2D imaging tests + JDK-8340480: Bad copyright notices in changes from JDK-8339902 + JDK-8340687: Open source closed frame tests #1 + JDK-8340719: Open source AWT List tests + JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java should be marked as flagless + JDK-8341037: Use standard layouts in DefaultFrameIconTest.java and MenuCrash.java + JDK-8341111: open source several AWT tests including menu shortcut tests + JDK-8341316: [macos] javax/swing/ProgressMonitor/ /ProgressMonitorEscapeKeyPress.java fails sometimes in macos + JDK-8341412: Various test failures after JDK-8334305 + JDK-8341424: GHA: Collect hs_errs from build time failures + JDK-8341453: java/awt/a11y/AccessibleJTableTest.java fails in some cases where the test tables are not visible + JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang + JDK-8341881: [REDO] java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java#tmp fails on alinux3 + JDK-8341978: Improve JButton/bug4490179.java + JDK-8341982: Simplify JButton/bug4323121.java + JDK-8342098: Write a test to compare the images + JDK-8342145: File libCreationTimeHelper.c compile fails on Alpine + JDK-8342270: Test sun/security/pkcs11/Provider/ /RequiredMechCheck.java needs write access to src tree + JDK-8342498: Add test for Allocation elimination after use as alignment reference by SuperWord + JDK-8342508: Use latch in BasicMenuUI/bug4983388.java instead of delay + JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java from running on macOS + JDK-8342562: Enhance Deflater operations + JDK-8342602: Remove JButton/PressedButtonRightClickTest test + JDK-8342607: Enhance register printing on x86_64 platforms + JDK-8342609: jpackage test helper function incorrectly removes a directory instead of its contents only + JDK-8342634: javax/imageio/plugins/wbmp/ /WBMPStreamTruncateTest.java creates temp file in src dir + JDK-8342635: javax/swing/JFileChooser/FileSystemView/ /WindowsDefaultIconSizeTest.java creates tmp file in src dir + JDK-8342704: GHA: Report truncation is broken after JDK-8341424 + JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java failed: Unexpected connection count: 5 + JDK-8342858: Make target mac-jdk-bundle fails on chmod command + JDK-8342988: GHA: Build JTReg in single step + JDK-8343007: Enhance Buffered Image handling + JDK-8343100: Consolidate EmptyFolderTest and EmptyFolderPackageTest jpackage tests into single java file + JDK-8343101: Rework BasicTest.testTemp test cases + JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/ /PrintCheckboxManualTest.java fails with Error. Can't find HTML file PrintCheckboxManualTest.html + JDK-8343128: PassFailJFrame.java test result: Error. Bad action for script: build} + JDK-8343129: Disable unstable check of ThreadsListHandle.sanity_vm ThreadList values + JDK-8343178: Test BasicTest.java javac compile fails cannot find symbol + JDK-8343378: Exceptions in javax/management DeadLockTest.java do not cause test failure + JDK-8343491: javax/management/remote/mandatory/connection/ /DeadLockTest.java failing with NoSuchObjectException: no such object in table + JDK-8343599: Kmem limit and max values swapped when printing container information + JDK-8343724: [PPC64] Disallow OptoScheduling + JDK-8343882: BasicAnnoTests doesn't handle multiple annotations at the same position + JDK-8344581: [TESTBUG] java/awt/Robot/ /ScreenCaptureRobotTest.java failing on macOS + JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19 + JDK-8344646: The libjsig deprecation warning should go to stderr not stdout + JDK-8345296: AArch64: VM crashes with SIGILL when prctl is disallowed + JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java fails on Windows Server 2025 + JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15 + JDK-8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java + JDK-8345414: Google CAInterop test failures + JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/ /bug4865918.java fails in ubuntu22.04 + JDK-8346055: javax/swing/text/StyledEditorKit/4506788/ /bug4506788.java fails in ubuntu22.04 + JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java fails in CI + JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + JDK-8346671: java/nio/file/Files/probeContentType/Basic.java fails on Windows 2025 + JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java still fails in CI + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8346908: Update JDK 17 javadoc man page + JDK-8346972: Test java/nio/channels/FileChannel/ /LoopingTruncate.java fails sometimes with IOException: There is not enough space on the disk + JDK-8347424: Fix and rewrite sun/security/x509/DNSName/LeadingPeriod.java test + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header + JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java failing + JDK-8347847: Enhance jar file support + JDK-8347965: (tz) Update Timezone Data to 2025a + JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old java.awt.headless behavior on Windows + JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates + JDK-8352097: (tz) zone.tab update missed in 2025a backport + JDK-8353905: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15 The following package changes have been done: - java-17-openjdk-headless-17.0.15.0-150400.3.54.1 updated - java-17-openjdk-17.0.15.0-150400.3.54.1 updated From sle-container-updates at lists.suse.com Wed May 7 07:27:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:27:39 +0200 (CEST) Subject: SUSE-CU-2025:3236-1: Security update of bci/openjdk-devel Message-ID: <20250507072739.EF83BFC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3236-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.7.0 , bci/openjdk-devel:21.0.7.0-35.8 , bci/openjdk-devel:latest Container Release : 35.8 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:bci-openjdk-21-b95c4380b803f939a8e69c758a4be1156e764f9f7584f37ec6ea74b02939e996-0 updated From sle-container-updates at lists.suse.com Wed May 7 07:33:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:33:52 +0200 (CEST) Subject: SUSE-CU-2025:3190-1: Security update of suse/rmt-server Message-ID: <20250507073352.CAA40FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3190-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-63.6 , suse/rmt-server:latest Container Release : 63.6 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Wed May 7 07:34:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:34:26 +0200 (CEST) Subject: SUSE-CU-2025:3252-1: Security update of bci/ruby Message-ID: <20250507073426.42048FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3252-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-33.4 , bci/ruby:latest Container Release : 33.4 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - sqlite3-devel-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Wed May 7 07:37:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:37:12 +0200 (CEST) Subject: SUSE-CU-2025:3259-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250507073712.4A2B0FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3259-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.33.6 , bci/bci-sle15-kernel-module-devel:latest Container Release : 33.6 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Wed May 7 07:37:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:37:41 +0200 (CEST) Subject: SUSE-CU-2025:3261-1: Security update of suse/sle15 Message-ID: <20250507073741.A2F45FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3261-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.35 , suse/sle15:15.6 , suse/sle15:15.6.47.20.35 Container Release : 47.20.35 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Wed May 7 07:38:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:38:19 +0200 (CEST) Subject: SUSE-CU-2025:3262-1: Security update of bci/spack Message-ID: <20250507073819.1CA9CFC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3262-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-8.6 , bci/spack:latest Container Release : 8.6 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 updated From sle-container-updates at lists.suse.com Wed May 7 07:39:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:39:19 +0200 (CEST) Subject: SUSE-CU-2025:3272-1: Security update of bci/python Message-ID: <20250507073919.A723FFC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3272-1 Container Tags : bci/python:3.13 , bci/python:3.13.0 , bci/python:3.13.0-7.4 Container Release : 7.4 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:sles15-image-15.7.0-4.2.69 updated From sle-container-updates at lists.suse.com Wed May 7 07:39:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:39:30 +0200 (CEST) Subject: SUSE-CU-2025:3273-1: Security update of bci/ruby Message-ID: <20250507073930.26719FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3273-1 Container Tags : bci/ruby:3 , bci/ruby:3.4 , bci/ruby:3.4-6.4 Container Release : 6.4 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - sqlite3-devel-3.49.1-150000.3.27.1 updated - container:sles15-image-15.7.0-4.2.69 updated From sle-container-updates at lists.suse.com Wed May 7 07:39:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:39:43 +0200 (CEST) Subject: SUSE-CU-2025:3274-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250507073943.503E5FC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3274-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-5.4 Container Release : 5.4 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:sles15-image-15.7.0-4.2.69 updated From sle-container-updates at lists.suse.com Wed May 7 07:39:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:39:56 +0200 (CEST) Subject: SUSE-CU-2025:3275-1: Security update of suse/sle15 Message-ID: <20250507073956.3FD61FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3275-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-4.2.69 , suse/sle15:15.7 , suse/sle15:15.7-4.2.69 Container Release : 4.2.69 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Wed May 7 07:40:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:40:04 +0200 (CEST) Subject: SUSE-CU-2025:3276-1: Security update of bci/spack Message-ID: <20250507074004.35A3FFC2E@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3276-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-9.4 Container Release : 9.4 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libgpg-error0-1.50-150700.1.8 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated - libblkid1-2.40.4-150700.2.4 updated - libopenssl3-3.2.3-150700.3.20 updated - libgcrypt20-1.11.0-150700.3.5 updated - libmount1-2.40.4-150700.2.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - permissions-20240826-150700.14.4 updated - openssl-3-3.2.3-150700.3.20 updated - libnettle8-3.10.1-150700.2.16 updated - libopenssl1_1-1.1.1w-150700.9.37 updated - libhogweed6-3.10.1-150700.2.16 updated - libopenssl-3-devel-3.2.3-150700.3.20 updated - container:sles15-image-15.7.0-4.2.69 updated From sle-container-updates at lists.suse.com Wed May 7 07:41:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:41:12 +0200 (CEST) Subject: SUSE-CU-2025:3282-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250507074112.AAB71FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3282-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.21 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.21 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:sles15-ltss-image-15.4.0-2.39 updated From sle-container-updates at lists.suse.com Wed May 7 07:41:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:41:13 +0200 (CEST) Subject: SUSE-CU-2025:3283-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250507074113.53C38FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3283-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.22 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.22 Severity : important Type : recommended References : 1232234 1234452 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1486-1 Released: Tue May 6 12:00:21 2025 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1232234,1234452 This update for apparmor fixes the following issues: - Allow pam_unix to execute unix_chkpwd with abi/3.0 (bsc#1234452, bsc#1232234) The following package changes have been done: - libapparmor1-3.0.4-150400.5.15.1 updated From sle-container-updates at lists.suse.com Wed May 7 07:41:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:41:56 +0200 (CEST) Subject: SUSE-CU-2025:3284-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250507074156.01068FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3284-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.27 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.27 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:sles15-ltss-image-15.4.0-2.39 updated From sle-container-updates at lists.suse.com Wed May 7 07:42:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:42:35 +0200 (CEST) Subject: SUSE-CU-2025:3285-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20250507074235.AE3F5FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3285-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.15 , suse/manager/4.3/proxy-squid:4.3.15.9.62.16 , suse/manager/4.3/proxy-squid:latest Container Release : 9.62.16 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:sles15-ltss-image-15.4.0-2.39 updated From sle-container-updates at lists.suse.com Wed May 7 07:43:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:43:17 +0200 (CEST) Subject: SUSE-CU-2025:3286-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250507074317.13C23FC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3286-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.15 , suse/manager/4.3/proxy-ssh:4.3.15.9.53.15 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.53.15 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:sles15-ltss-image-15.4.0-2.39 updated From sle-container-updates at lists.suse.com Wed May 7 07:43:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:43:59 +0200 (CEST) Subject: SUSE-CU-2025:3287-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20250507074359.DE75CFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3287-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.15 , suse/manager/4.3/proxy-tftpd:4.3.15.9.53.16 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.53.16 Severity : moderate Type : security References : 1241020 1241078 CVE-2025-29087 CVE-2025-29088 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - libsqlite3-0-3.49.1-150000.3.27.1 updated - container:sles15-ltss-image-15.4.0-2.39 updated From sle-container-updates at lists.suse.com Wed May 7 07:45:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 09:45:12 +0200 (CEST) Subject: SUSE-CU-2025:3288-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250507074512.30DDAFC2E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3288-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.118 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.118 Severity : moderate Type : security References : 1240897 1241020 1241078 CVE-2025-29087 CVE-2025-29088 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1457-1 Released: Mon May 5 12:56:32 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.27.1 updated - libgmodule-2_0-0-2.62.6-150200.3.27.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Wed May 7 09:24:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 11:24:25 +0200 (CEST) Subject: SUSE-CU-2025:3288-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250507092425.79799FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3288-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.118 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.118 Severity : moderate Type : security References : 1240897 1241020 1241078 CVE-2025-29087 CVE-2025-29088 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1457-1 Released: Mon May 5 12:56:32 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.27.1 updated - libgmodule-2_0-0-2.62.6-150200.3.27.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Wed May 7 09:28:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 May 2025 11:28:54 +0200 (CEST) Subject: SUSE-CU-2025:3292-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250507092854.D1EECFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3292-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.120 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.120 Severity : moderate Type : security References : 1240897 1241020 1241078 CVE-2025-29087 CVE-2025-29088 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Mon May 5 12:52:08 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - CVE-2025-29087: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1457-1 Released: Mon May 5 12:56:32 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.27.1 updated - libgmodule-2_0-0-2.62.6-150200.3.27.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated From sle-container-updates at lists.suse.com Thu May 8 07:06:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 May 2025 09:06:47 +0200 (CEST) Subject: SUSE-IU-2025:1282-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250508070647.65E1DFC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1282-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.383 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.383 Severity : moderate Type : security References : 1241678 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1512-1 Released: Wed May 7 21:36:27 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1241678,CVE-2024-10041 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) The following package changes have been done: - libapparmor1-3.0.4-150500.11.18.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.292 updated From sle-container-updates at lists.suse.com Thu May 8 07:08:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 May 2025 09:08:18 +0200 (CEST) Subject: SUSE-IU-2025:1284-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20250508070818.44474FC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1284-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-6.20 , suse/sl-micro/6.0/base-os-container:latest Image Release : 6.20 Severity : moderate Type : recommended References : 1227316 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 311 Released: Wed May 7 08:55:18 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issues: - Fixed handling of po files with malformed header (bsc#1227316) The following package changes have been done: - libtextstyle0-0.21.1-6.1 updated - gettext-runtime-0.21.1-6.1 updated - SL-Micro-release-6.0-25.22 updated From sle-container-updates at lists.suse.com Thu May 8 07:10:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 May 2025 09:10:46 +0200 (CEST) Subject: SUSE-IU-2025:1288-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20250508071046.CC88EFC2E@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1288-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.26 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.26 Severity : moderate Type : recommended References : 1227316 1230778 CVE-2024-7254 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 91 Released: Wed May 7 09:09:03 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316,1230778,CVE-2024-7254 This update for gettext-runtime fixes the following issues: - Fixed handling of po files with malformed header (bsc#1227316) The following package changes have been done: - libtextstyle0-0.21.1-slfo.1.1_2.1 updated - gettext-runtime-0.21.1-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.24 updated - container:suse-toolbox-image-1.0.0-4.26 updated From sle-container-updates at lists.suse.com Fri May 9 07:05:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 9 May 2025 09:05:44 +0200 (CEST) Subject: SUSE-IU-2025:1291-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250509070544.06C6DF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1291-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.170 , suse/sle-micro/base-5.5:latest Image Release : 5.8.170 Severity : moderate Type : security References : 1241678 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1512-1 Released: Wed May 7 21:36:27 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1241678,CVE-2024-10041 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) The following package changes have been done: - libapparmor1-3.0.4-150500.11.18.1 updated - apparmor-parser-3.0.4-150500.11.18.1 updated From sle-container-updates at lists.suse.com Fri May 9 07:06:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 9 May 2025 09:06:24 +0200 (CEST) Subject: SUSE-IU-2025:1292-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250509070624.DD045F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1292-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.324 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.324 Severity : moderate Type : security References : 1241678 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1512-1 Released: Wed May 7 21:36:27 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1241678,CVE-2024-10041 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) The following package changes have been done: - libapparmor1-3.0.4-150500.11.18.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.170 updated From sle-container-updates at lists.suse.com Fri May 9 07:07:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 9 May 2025 09:07:25 +0200 (CEST) Subject: SUSE-IU-2025:1293-1: Security update of suse/sle-micro/5.5 Message-ID: <20250509070725.C57A4F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1293-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.292 , suse/sle-micro/5.5:latest Image Release : 5.5.292 Severity : moderate Type : security References : 1241678 CVE-2024-10041 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1512-1 Released: Wed May 7 21:36:27 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1241678,CVE-2024-10041 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) The following package changes have been done: - libapparmor1-3.0.4-150500.11.18.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.170 updated From sle-container-updates at lists.suse.com Fri May 9 07:09:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 9 May 2025 09:09:24 +0200 (CEST) Subject: SUSE-IU-2025:1294-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250509070924.52698F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1294-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.29 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.29 Severity : important Type : security References : 1159034 1194818 1218609 1220117 1221831 1223605 1224285 1225197 1225598 1229476 1231472 1236619 CVE-2024-28085 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 92 Released: Thu May 8 08:35:42 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issues: - do not crash when file system loop was encountered (bsc#1231472) - added patches fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9 - modified patches ----------------------------------------------------------------- Advisory ID: 94 Released: Thu May 8 14:24:20 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash; ((bsc#1236619). ----------------------------------------------------------------- Advisory ID: 95 Released: Thu May 8 14:25:53 2025 Summary: Security update for util-linux Type: security Severity: important References: 1159034,1194818,1218609,1220117,1221831,1223605,1224285,1225197,1225598,1229476,CVE-2024-28085 This update for util-linux fixes the following issues: - Updated to version 2.40.4: * agetty: Prevent cursor escape (bsc#1194818) * chcpu(8): Document CPU deconfiguring behavior * fdisk: SGI fixes * hardlink: fix memory corruption * hardlink.1 directory|file is mandatory * lib/env: fix env_list_setenv() for strings without '=' * libblkid: (exfat) validate fields used by prober (gpt) use blkid_probe_verify_csum() for partition array checksum add FSLASTBLOCK for swaparea bitlocker fix version on big-endian systems * libfdisk: make sure libblkid uses the same sector size * libmount: extract common error handling function propagate first error of multiple filesystem types * logger: correctly format tv_usec * lscpu: Skip aarch64 decode path for rest of the architectures (bsc#1229476) * lsns: ignore ESRCH errors reported when accessing files under /proc * mkswap: set selinux label also when creating file * more: make sure we have data on stderr * nsenter: support empty environ * umount, losetup: Document loop destroy behavior (bsc#1159034). * uuidd: fix /var/lib/libuuid mode uuidd-tmpfiles.conf fix /var/lib/libuuid mode uuidd-tmpfiles.conf - Refresh util-linux.keyring. Key validity was extended. - Update to version 2.40.2: * cfdisk: fix possible integer overflow * libmount: improving robustness in reading kernel messages, add pidfs to pseudo fs list * lscpu: New Arm Cortex part numbers fix hang of lscpu -e (bsc#1225598) * lsfd: Refactor the pidfd logic, support pidfs * mkswap.8.adoc: update note regarding swapfile creation * setpgid: make -f work - Enable kernel mountfd API, as it should be already stable (PED-9752). - Move autoreconf back to %build. - Add devel dependencies. - Remove util-linux-rpmlintrc. It is no more needed with multibuild. - uncomment 'autoreconf --install' to use the new version of automake - disable libmagic in more(1) for binary detection (bsc#1225197) - add support for pidfs in kernel 6.9 (bsc#1224285) - Update to version 2.40.1: * more: clean processes not cleaned up after failed SSH session using up 100% CPU (bsc#1220117) * CVE-2024-28085: Fixed improper neutralization of escape sequences in wall (bsc#1221831) * chcpu: document limitations of -g (bsc#1218609) * lscpu: even more Arm part numbers (bsc#1223605) The following package changes have been done: - libuuid1-2.40.4-slfo.1.1_1.1 updated - libsmartcols1-2.40.4-slfo.1.1_1.1 updated - libblkid1-2.40.4-slfo.1.1_1.1 updated - findutils-4.9.0-slfo.1.1_2.1 updated - libmount1-2.40.4-slfo.1.1_1.1 updated - libfdisk1-2.40.4-slfo.1.1_1.1 updated - util-linux-2.40.4-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.27 updated - util-linux-systemd-2.40.4-slfo.1.1_1.1 updated - krb5-1.21.3-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.0-4.29 updated From sle-container-updates at lists.suse.com Fri May 9 07:09:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 9 May 2025 09:09:40 +0200 (CEST) Subject: SUSE-IU-2025:1295-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250509070940.DABBCF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1295-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.29 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.29 Severity : important Type : security References : 1159034 1194818 1218609 1220117 1221831 1223605 1224285 1225197 1225598 1229476 1231472 1236619 CVE-2024-28085 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 92 Released: Thu May 8 08:35:42 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issues: - do not crash when file system loop was encountered (bsc#1231472) - added patches fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9 - modified patches ----------------------------------------------------------------- Advisory ID: 94 Released: Thu May 8 14:24:20 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash; ((bsc#1236619). ----------------------------------------------------------------- Advisory ID: 95 Released: Thu May 8 14:25:53 2025 Summary: Security update for util-linux Type: security Severity: important References: 1159034,1194818,1218609,1220117,1221831,1223605,1224285,1225197,1225598,1229476,CVE-2024-28085 This update for util-linux fixes the following issues: - Updated to version 2.40.4: * agetty: Prevent cursor escape (bsc#1194818) * chcpu(8): Document CPU deconfiguring behavior * fdisk: SGI fixes * hardlink: fix memory corruption * hardlink.1 directory|file is mandatory * lib/env: fix env_list_setenv() for strings without '=' * libblkid: (exfat) validate fields used by prober (gpt) use blkid_probe_verify_csum() for partition array checksum add FSLASTBLOCK for swaparea bitlocker fix version on big-endian systems * libfdisk: make sure libblkid uses the same sector size * libmount: extract common error handling function propagate first error of multiple filesystem types * logger: correctly format tv_usec * lscpu: Skip aarch64 decode path for rest of the architectures (bsc#1229476) * lsns: ignore ESRCH errors reported when accessing files under /proc * mkswap: set selinux label also when creating file * more: make sure we have data on stderr * nsenter: support empty environ * umount, losetup: Document loop destroy behavior (bsc#1159034). * uuidd: fix /var/lib/libuuid mode uuidd-tmpfiles.conf fix /var/lib/libuuid mode uuidd-tmpfiles.conf - Refresh util-linux.keyring. Key validity was extended. - Update to version 2.40.2: * cfdisk: fix possible integer overflow * libmount: improving robustness in reading kernel messages, add pidfs to pseudo fs list * lscpu: New Arm Cortex part numbers fix hang of lscpu -e (bsc#1225598) * lsfd: Refactor the pidfd logic, support pidfs * mkswap.8.adoc: update note regarding swapfile creation * setpgid: make -f work - Enable kernel mountfd API, as it should be already stable (PED-9752). - Move autoreconf back to %build. - Add devel dependencies. - Remove util-linux-rpmlintrc. It is no more needed with multibuild. - uncomment 'autoreconf --install' to use the new version of automake - disable libmagic in more(1) for binary detection (bsc#1225197) - add support for pidfs in kernel 6.9 (bsc#1224285) - Update to version 2.40.1: * more: clean processes not cleaned up after failed SSH session using up 100% CPU (bsc#1220117) * CVE-2024-28085: Fixed improper neutralization of escape sequences in wall (bsc#1221831) * chcpu: document limitations of -g (bsc#1218609) * lscpu: even more Arm part numbers (bsc#1223605) The following package changes have been done: - libuuid1-2.40.4-slfo.1.1_1.1 updated - libsmartcols1-2.40.4-slfo.1.1_1.1 updated - libblkid1-2.40.4-slfo.1.1_1.1 updated - findutils-4.9.0-slfo.1.1_2.1 updated - libmount1-2.40.4-slfo.1.1_1.1 updated - libfdisk1-2.40.4-slfo.1.1_1.1 updated - util-linux-2.40.4-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.27 updated - util-linux-systemd-2.40.4-slfo.1.1_1.1 updated - krb5-1.21.3-slfo.1.1_2.1 updated - container:suse-toolbox-image-1.0.0-4.29 updated From sle-container-updates at lists.suse.com Fri May 9 07:09:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 9 May 2025 09:09:58 +0200 (CEST) Subject: SUSE-IU-2025:1296-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250509070958.3A86FF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1296-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.28 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.28 Severity : important Type : security References : 1159034 1194818 1218609 1220117 1221831 1223605 1224285 1225197 1225598 1229476 1231472 1236619 CVE-2024-28085 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 92 Released: Thu May 8 08:35:42 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issues: - do not crash when file system loop was encountered (bsc#1231472) - added patches fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9 - modified patches ----------------------------------------------------------------- Advisory ID: 94 Released: Thu May 8 14:24:20 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash; ((bsc#1236619). ----------------------------------------------------------------- Advisory ID: 95 Released: Thu May 8 14:25:53 2025 Summary: Security update for util-linux Type: security Severity: important References: 1159034,1194818,1218609,1220117,1221831,1223605,1224285,1225197,1225598,1229476,CVE-2024-28085 This update for util-linux fixes the following issues: - Updated to version 2.40.4: * agetty: Prevent cursor escape (bsc#1194818) * chcpu(8): Document CPU deconfiguring behavior * fdisk: SGI fixes * hardlink: fix memory corruption * hardlink.1 directory|file is mandatory * lib/env: fix env_list_setenv() for strings without '=' * libblkid: (exfat) validate fields used by prober (gpt) use blkid_probe_verify_csum() for partition array checksum add FSLASTBLOCK for swaparea bitlocker fix version on big-endian systems * libfdisk: make sure libblkid uses the same sector size * libmount: extract common error handling function propagate first error of multiple filesystem types * logger: correctly format tv_usec * lscpu: Skip aarch64 decode path for rest of the architectures (bsc#1229476) * lsns: ignore ESRCH errors reported when accessing files under /proc * mkswap: set selinux label also when creating file * more: make sure we have data on stderr * nsenter: support empty environ * umount, losetup: Document loop destroy behavior (bsc#1159034). * uuidd: fix /var/lib/libuuid mode uuidd-tmpfiles.conf fix /var/lib/libuuid mode uuidd-tmpfiles.conf - Refresh util-linux.keyring. Key validity was extended. - Update to version 2.40.2: * cfdisk: fix possible integer overflow * libmount: improving robustness in reading kernel messages, add pidfs to pseudo fs list * lscpu: New Arm Cortex part numbers fix hang of lscpu -e (bsc#1225598) * lsfd: Refactor the pidfd logic, support pidfs * mkswap.8.adoc: update note regarding swapfile creation * setpgid: make -f work - Enable kernel mountfd API, as it should be already stable (PED-9752). - Move autoreconf back to %build. - Add devel dependencies. - Remove util-linux-rpmlintrc. It is no more needed with multibuild. - uncomment 'autoreconf --install' to use the new version of automake - disable libmagic in more(1) for binary detection (bsc#1225197) - add support for pidfs in kernel 6.9 (bsc#1224285) - Update to version 2.40.1: * more: clean processes not cleaned up after failed SSH session using up 100% CPU (bsc#1220117) * CVE-2024-28085: Fixed improper neutralization of escape sequences in wall (bsc#1221831) * chcpu: document limitations of -g (bsc#1218609) * lscpu: even more Arm part numbers (bsc#1223605) The following package changes have been done: - libuuid1-2.40.4-slfo.1.1_1.1 updated - libsmartcols1-2.40.4-slfo.1.1_1.1 updated - libblkid1-2.40.4-slfo.1.1_1.1 updated - findutils-4.9.0-slfo.1.1_2.1 updated - libmount1-2.40.4-slfo.1.1_1.1 updated - libfdisk1-2.40.4-slfo.1.1_1.1 updated - util-linux-2.40.4-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.27 updated - krb5-1.21.3-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.0-4.29 updated - file-magic-5.44-slfo.1.1_1.4 removed - libmagic1-5.44-slfo.1.1_1.4 removed From sle-container-updates at lists.suse.com Fri May 9 07:10:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 9 May 2025 09:10:17 +0200 (CEST) Subject: SUSE-IU-2025:1297-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250509071017.E0056F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1297-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.30 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.30 Severity : moderate Type : recommended References : 1231472 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 92 Released: Thu May 8 08:35:42 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issues: - do not crash when file system loop was encountered (bsc#1231472) - added patches fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9 - modified patches The following package changes have been done: - findutils-4.9.0-slfo.1.1_2.1 updated - SL-Micro-release-6.1-slfo.1.11.26 updated - container:SL-Micro-container-2.2.0-4.28 updated From sle-container-updates at lists.suse.com Fri May 9 07:10:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 9 May 2025 09:10:18 +0200 (CEST) Subject: SUSE-IU-2025:1298-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250509071018.B7B96F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1298-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.31 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.31 Severity : important Type : security References : 1159034 1194818 1218609 1220117 1221831 1223605 1224285 1225197 1225598 1229476 1236619 CVE-2024-28085 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 94 Released: Thu May 8 14:24:20 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Prevent overflow when calculating ulog block size. An authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash; ((bsc#1236619). ----------------------------------------------------------------- Advisory ID: 95 Released: Thu May 8 14:25:53 2025 Summary: Security update for util-linux Type: security Severity: important References: 1159034,1194818,1218609,1220117,1221831,1223605,1224285,1225197,1225598,1229476,CVE-2024-28085 This update for util-linux fixes the following issues: - Updated to version 2.40.4: * agetty: Prevent cursor escape (bsc#1194818) * chcpu(8): Document CPU deconfiguring behavior * fdisk: SGI fixes * hardlink: fix memory corruption * hardlink.1 directory|file is mandatory * lib/env: fix env_list_setenv() for strings without '=' * libblkid: (exfat) validate fields used by prober (gpt) use blkid_probe_verify_csum() for partition array checksum add FSLASTBLOCK for swaparea bitlocker fix version on big-endian systems * libfdisk: make sure libblkid uses the same sector size * libmount: extract common error handling function propagate first error of multiple filesystem types * logger: correctly format tv_usec * lscpu: Skip aarch64 decode path for rest of the architectures (bsc#1229476) * lsns: ignore ESRCH errors reported when accessing files under /proc * mkswap: set selinux label also when creating file * more: make sure we have data on stderr * nsenter: support empty environ * umount, losetup: Document loop destroy behavior (bsc#1159034). * uuidd: fix /var/lib/libuuid mode uuidd-tmpfiles.conf fix /var/lib/libuuid mode uuidd-tmpfiles.conf - Refresh util-linux.keyring. Key validity was extended. - Update to version 2.40.2: * cfdisk: fix possible integer overflow * libmount: improving robustness in reading kernel messages, add pidfs to pseudo fs list * lscpu: New Arm Cortex part numbers fix hang of lscpu -e (bsc#1225598) * lsfd: Refactor the pidfd logic, support pidfs * mkswap.8.adoc: update note regarding swapfile creation * setpgid: make -f work - Enable kernel mountfd API, as it should be already stable (PED-9752). - Move autoreconf back to %build. - Add devel dependencies. - Remove util-linux-rpmlintrc. It is no more needed with multibuild. - uncomment 'autoreconf --install' to use the new version of automake - disable libmagic in more(1) for binary detection (bsc#1225197) - add support for pidfs in kernel 6.9 (bsc#1224285) - Update to version 2.40.1: * more: clean processes not cleaned up after failed SSH session using up 100% CPU (bsc#1220117) * CVE-2024-28085: Fixed improper neutralization of escape sequences in wall (bsc#1221831) * chcpu: document limitations of -g (bsc#1218609) * lscpu: even more Arm part numbers (bsc#1223605) The following package changes have been done: - libuuid1-2.40.4-slfo.1.1_1.1 updated - libsmartcols1-2.40.4-slfo.1.1_1.1 updated - libblkid1-2.40.4-slfo.1.1_1.1 updated - libmount1-2.40.4-slfo.1.1_1.1 updated - libfdisk1-2.40.4-slfo.1.1_1.1 updated - util-linux-2.40.4-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.27 updated - krb5-1.21.3-slfo.1.1_2.1 updated - container:SL-Micro-container-2.2.0-4.29 updated - file-magic-5.44-slfo.1.1_1.4 removed - libmagic1-5.44-slfo.1.1_1.4 removed From sle-container-updates at lists.suse.com Sat May 10 07:04:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 May 2025 09:04:39 +0200 (CEST) Subject: SUSE-IU-2025:1299-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250510070439.62E51F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1299-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.30 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.30 Severity : important Type : recommended References : 1234015 1236886 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 97 Released: Fri May 9 08:41:53 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236886 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). Add patch for the description of these schemes in the relevant man page. - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/b4693652f317dbae80e31b978f51e695a23fa3d0...0d0f2dbfc4c901dca09fdd3d5b744b5339e0e991 - journald: * close runtime journals before their parent directory removed * reset runtime seqnum data when flushing to system journal (bsc#1236886) The following package changes have been done: - libudev1-254.24-slfo.1.1_1.1 updated - libsystemd0-254.24-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.28 updated - systemd-254.24-slfo.1.1_1.1 updated - udev-254.24-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.30 updated From sle-container-updates at lists.suse.com Sat May 10 07:05:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 May 2025 09:05:09 +0200 (CEST) Subject: SUSE-IU-2025:1300-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20250510070509.10992F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1300-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.30 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.30 Severity : important Type : recommended References : 1234015 1236886 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 97 Released: Fri May 9 08:41:53 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236886 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). Add patch for the description of these schemes in the relevant man page. - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/b4693652f317dbae80e31b978f51e695a23fa3d0...0d0f2dbfc4c901dca09fdd3d5b744b5339e0e991 - journald: * close runtime journals before their parent directory removed * reset runtime seqnum data when flushing to system journal (bsc#1236886) The following package changes have been done: - libudev1-254.24-slfo.1.1_1.1 updated - libsystemd0-254.24-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.28 updated - systemd-254.24-slfo.1.1_1.1 updated - udev-254.24-slfo.1.1_1.1 updated - container:suse-toolbox-image-1.0.0-4.30 updated From sle-container-updates at lists.suse.com Sat May 10 07:05:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 May 2025 09:05:39 +0200 (CEST) Subject: SUSE-IU-2025:1301-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250510070539.AC1F6F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1301-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.29 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.29 Severity : important Type : recommended References : 1234015 1236886 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 97 Released: Fri May 9 08:41:53 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236886 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). Add patch for the description of these schemes in the relevant man page. - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/b4693652f317dbae80e31b978f51e695a23fa3d0...0d0f2dbfc4c901dca09fdd3d5b744b5339e0e991 - journald: * close runtime journals before their parent directory removed * reset runtime seqnum data when flushing to system journal (bsc#1236886) The following package changes have been done: - libudev1-254.24-slfo.1.1_1.1 updated - libsystemd0-254.24-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.28 updated - systemd-254.24-slfo.1.1_1.1 updated - udev-254.24-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.30 updated From sle-container-updates at lists.suse.com Sat May 10 07:06:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 May 2025 09:06:18 +0200 (CEST) Subject: SUSE-IU-2025:1302-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250510070618.533AAF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1302-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.32 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.32 Severity : important Type : recommended References : 1234015 1236886 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 97 Released: Fri May 9 08:41:53 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1234015,1236886 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). Add patch for the description of these schemes in the relevant man page. - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/b4693652f317dbae80e31b978f51e695a23fa3d0...0d0f2dbfc4c901dca09fdd3d5b744b5339e0e991 - journald: * close runtime journals before their parent directory removed * reset runtime seqnum data when flushing to system journal (bsc#1236886) The following package changes have been done: - libudev1-254.24-slfo.1.1_1.1 updated - libsystemd0-254.24-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.28 updated - systemd-254.24-slfo.1.1_1.1 updated - udev-254.24-slfo.1.1_1.1 updated - container:SL-Micro-container-2.2.0-4.30 updated From sle-container-updates at lists.suse.com Sat May 10 07:09:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 May 2025 09:09:54 +0200 (CEST) Subject: SUSE-CU-2025:3346-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250510070954.AA4F7F783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3346-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.79 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.79 , suse/ltss/sle15.3/sle15:latest Container Release : 2.79 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1526-1 Released: Fri May 9 17:21:06 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150200.43.1 updated - libsolv-tools-0.7.32-150200.43.1 updated - libzypp-17.36.7-150200.153.1 updated - zypper-1.14.89-150200.111.1 updated From sle-container-updates at lists.suse.com Sat May 10 07:20:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 May 2025 09:20:10 +0200 (CEST) Subject: SUSE-CU-2025:3360-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20250510072010.56263F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3360-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.4 , suse/manager/5.0/x86_64/server:5.0.4.7.21.2 , suse/manager/5.0/x86_64/server:latest Container Release : 7.21.2 Severity : important Type : security References : 1232234 1241020 1241078 1241189 1241274 1241275 1241276 1241453 1241551 1242008 1242009 CVE-2024-10041 CVE-2025-21587 CVE-2025-29087 CVE-2025-29088 CVE-2025-30691 CVE-2025-30698 CVE-2025-31650 CVE-2025-31651 CVE-2025-32414 CVE-2025-32415 CVE-2025-3277 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1490-1 Released: Tue May 6 13:48:24 2025 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1241274,1241275,1241276,CVE-2025-21587,CVE-2025-30691,CVE-2025-30698 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 (April 2025 CPU) CVEs: + CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) + CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) + CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG + JDK-8065099: [macos] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java fails: no background shine through + JDK-8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac + JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java throws NPE + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8266435: WBMPImageReader.read() should not truncate the input stream + JDK-8267893: Improve jtreg test failure handler do get native/mixed stack traces for cores and live processes + JDK-8270961: [TESTBUG] Move GotWrongOOMEException into vm.share.gc package + JDK-8274893: Update java.desktop classes to use try-with-resources + JDK-8276202: LogFileOutput.invalid_file_vm asserts when being executed from a read only working directory + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8281234: The -protected option is not always checked in keytool and jarsigner + JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may leak memory + JDK-8283387: [macos] a11y : Screen magnifier does not show selected Tab + JDK-8283404: [macos] a11y : Screen magnifier does not show JMenu name + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8290400: Must run exe installers in jpackage jtreg tests without UI + JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/ /MultiScreenLocationTest.java: Robot.mouseMove test failed on Screen #0 + JDK-8292704: sun/security/tools/jarsigner/compatibility/ /Compatibility.java use wrong key size for EC + JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8 with hard-coded isOel7 + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8293412: Remove unnecessary java.security.egd overrides + JDK-8294067: [macOS] javax/swing/JComboBox/6559152/ /bug6559152.java Cannot select an item from popup with the ENTER key. + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295087: Manual Test to Automated Test Conversion + JDK-8295176: some langtools test pollutes source tree + JDK-8296591: Signature benchmark + JDK-8296818: Enhance JMH tests java/security/Signatures.java + JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea provides no visual indication of keyboard focus + JDK-8299127: [REDO] JDK-8194048 Regression automated test '/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/ /HidingSelectionTest.java' fails + JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/ /DefaultCaret/HidingSelection/MultiSelectionTest.java fails + JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java can fail with java.lang.NullPointerException + JDK-8299994: java/security/Policy/Root/Root.java fails when home directory is read-only + JDK-8301989: new javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE + JDK-8302111: Serialization considerations + JDK-8305853: java/text/Format/DateFormat/ /DateFormatRegression.java fails with 'Uncaught exception thrown in test method Test4089106' + JDK-8306711: Improve diagnosis of `IntlTest` framework + JDK-8308341: JNI_GetCreatedJavaVMs returns a partially initialized JVM + JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java fails after JDK-8308341 + JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java + JDK-8309740: Expand timeout windows for tests in JDK-8179502 + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310234: Refactor Locale tests to use JUnit + JDK-8310629: java/security/cert/CertPathValidator/OCSP/ /OCSPTimeout.java fails with RuntimeException: Server not ready + JDK-8311306: Test com/sun/management/ThreadMXBean/ /ThreadCpuTimeArray.java failed: out of expected range + JDK-8311546: Certificate name constraints improperly validated with leading period + JDK-8311663: Additional refactoring of Locale tests to JUnit + JDK-8312416: Tests in Locale should have more descriptive names + JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313710: jcmd: typo in the documentation of JFR.start and JFR.dump + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned + JDK-8314610: hotspot can't compile with the latest of gtest because of + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8314975: JavadocTester should set source path if not specified + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316559: Refactor some util/Calendar tests to JUnit + JDK-8316627: JViewport Test headless failure + JDK-8316696: Remove the testing base classes: IntlTest and CollatorTest + JDK-8317631: Refactor ChoiceFormat tests to use JUnit + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes + JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux + JDK-8319567: Update java/lang/invoke tests to support vm flags + JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/ /CallerAccessTest.java to accept vm flags + JDK-8319569: Several java/util tests should be updated to accept VM flags + JDK-8319647: Few java/lang/System/LoggerFinder/modules tests ignore vm flags + JDK-8319648: java/lang/SecurityManager tests ignore vm flags + JDK-8319672: Several classloader tests ignore VM flags + JDK-8319673: Few security tests ignore VM flags + JDK-8319676: A couple of jdk/modules/incubator/ tests ignore VM flags + JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java should be marked as flagless + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1 + JDK-8320691: Timeout handler on Windows takes 2 hours to complete + JDK-8320714: java/util/Locale/LocaleProvidersRun.java and java/util/ResourceBundle/modules/visibility/ /VisibilityTest.java timeout after passing + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with 'OutOfMemoryError: GC overhead limit exceeded' + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because '' is null' + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with 'Events are not ordered! Reuse = false' + JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java now() to be more robust + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2 + JDK-8325024: java/security/cert/CertPathValidator/OCSP( /OCSPTimeout.java incorrect comment information + JDK-8325042: Remove unused JVMDITools test files + JDK-8325529: Remove unused imports from `ModuleGenerator` test file + JDK-8325659: Normalize Random usage by incubator vector tests + JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/ /compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed + JDK-8325908: Finish removal of IntlTest and CollatorTest + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes 'monitor end should be strictly below the frame pointer' assertion failure on AArch64 + JDK-8326421: Add jtreg test for large arrayCopy disjoint case. + JDK-8326525: com/sun/tools/attach/BasicTests.java does not verify AgentLoadException case + JDK-8327098: GTest needs larger combination limit + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8327505: Test com/sun/jmx/remote/ /NotificationMarshalVersions/TestSerializationMismatch.java fails + JDK-8327857: Remove applet usage from JColorChooser tests Test4222508 + JDK-8327859: Remove applet usage from JColorChooser tests Test4319113 + JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm + JDK-8328005: Convert java/awt/im/JTextFieldTest.java applet test to main + JDK-8328085: C2: Use after free in PhaseChaitin::Register_Allocate() + JDK-8328121: Remove applet usage from JColorChooser tests Test4759306 + JDK-8328130: Remove applet usage from JColorChooser tests Test4759934 + JDK-8328185: Convert java/awt/image/MemoryLeakTest/ /MemoryLeakTest.java applet test to main + JDK-8328227: Remove applet usage from JColorChooser tests Test4887836 + JDK-8328368: Convert java/awt/image/multiresolution/ /MultiDisplayTest/MultiDisplayTest.java applet test to main + JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java applet test to main + JDK-8328380: Remove applet usage from JColorChooser tests Test6348456 + JDK-8328387: Convert java/awt/Frame/FrameStateTest/ /FrameStateTest.html applet test to main + JDK-8328403: Remove applet usage from JColorChooser tests Test6977726 + JDK-8328553: Get rid of JApplet in test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java + JDK-8328558: Convert javax/swing/JCheckBox/8032667/ /bug8032667.java applet test to main + JDK-8328717: Convert javax/swing/JColorChooser/8065098/ /bug8065098.java applet test to main + JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html applet test to main + JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html applet test to main + JDK-8328753: Open source few Undecorated Frame tests + JDK-8328819: Remove applet usage from JFileChooser tests bug6698013 + JDK-8328827: Convert java/awt/print/PrinterJob/ /PrinterDialogsModalityTest/PrinterDialogsModalityTest.html applet test to main + JDK-8329210: Delete Redundant Printer Dialog Modality Test + JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java test + JDK-8329322: Convert PageFormat/Orient.java to use PassFailJFrame + JDK-8329692: Add more details to FrameStateTest.java test instructions + JDK-8330702: Update failure handler to don't generate Error message if cores actions are empty + JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/ /EnterExitEvents/ResizingFrameTest.java + JDK-8332917: failure_handler should execute gdb 'info threads' command on linux + JDK-8333360: PrintNullString.java doesn't use float arguments + JDK-8333391: Test com/sun/jdi/InterruptHangTest.java failed: Thread was never interrupted during sleep + JDK-8333403: Write a test to check various components events are triggered properly + JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows + JDK-8334305: Remove all code for nsk.share.Log verbose mode + JDK-8334490: Normalize string with locale invariant `toLowerCase()` + JDK-8334777: Test javax/management/remote/mandatory/notif/ /NotifReconnectDeadlockTest.java failed with NullPointerException + JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment + JDK-8335172: Add manual steps to run security/auth/callback/ /TextCallbackHandler/Password.java test + JDK-8335789: [TESTBUG] XparColor.java test fails with Error. Parse Exception: Invalid or unrecognized bugid: @ + JDK-8336012: Fix usages of jtreg-reserved properties + JDK-8336498: [macos] [build]: install-file macro may run into permission denied error + JDK-8336692: Redo fix for JDK-8284620 + JDK-8336942: Improve test coverage for class loading elements with annotations of different retentions + JDK-8337222: gc/TestDisableExplicitGC.java fails due to unexpected CodeCache GC + JDK-8337494: Clarify JarInputStream behavior + JDK-8337692: Better TLS connection support + JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 + JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java fails in OEL due to a slight color difference + JDK-8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation + JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca))) failed: control must not be back in the loop + JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java failed + JDK-8338430: Improve compiler transformations + JDK-8338571: [TestBug] DefaultCloseOperation.java test not working as expected wrt instruction after JDK-8325851 fix + JDK-8338595: Add more linesize for MIME decoder in macro bench test Base64Decode + JDK-8338668: Test javax/swing/JFileChooser/8080628/ /bug8080628.java doesn't test for GTK L&F + JDK-8339154: Cleanups and JUnit conversion of test/jdk/java/util/zip/Available.java + JDK-8339261: Logs truncated in test javax/net/ssl/DTLS/DTLSRehandshakeTest.java + JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8339524: Clean up a few ExtendedRobot tests + JDK-8339687: Rearrange reachabilityFence()s in jdk.test.lib.util.ForceGC + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339883: Open source several AWT/2D related tests + JDK-8339902: Open source couple TextField related tests + JDK-8339943: Frame not disposed in java/awt/dnd/DropActionChangeTest.java + JDK-8340078: Open source several 2D tests + JDK-8340116: test/jdk/sun/security/tools/jarsigner/ /PreserveRawManifestEntryAndDigest.java can fail due to regex + JDK-8340411: open source several 2D imaging tests + JDK-8340480: Bad copyright notices in changes from JDK-8339902 + JDK-8340687: Open source closed frame tests #1 + JDK-8340719: Open source AWT List tests + JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java should be marked as flagless + JDK-8341037: Use standard layouts in DefaultFrameIconTest.java and MenuCrash.java + JDK-8341111: open source several AWT tests including menu shortcut tests + JDK-8341316: [macos] javax/swing/ProgressMonitor/ /ProgressMonitorEscapeKeyPress.java fails sometimes in macos + JDK-8341412: Various test failures after JDK-8334305 + JDK-8341424: GHA: Collect hs_errs from build time failures + JDK-8341453: java/awt/a11y/AccessibleJTableTest.java fails in some cases where the test tables are not visible + JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang + JDK-8341881: [REDO] java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java#tmp fails on alinux3 + JDK-8341978: Improve JButton/bug4490179.java + JDK-8341982: Simplify JButton/bug4323121.java + JDK-8342098: Write a test to compare the images + JDK-8342145: File libCreationTimeHelper.c compile fails on Alpine + JDK-8342270: Test sun/security/pkcs11/Provider/ /RequiredMechCheck.java needs write access to src tree + JDK-8342498: Add test for Allocation elimination after use as alignment reference by SuperWord + JDK-8342508: Use latch in BasicMenuUI/bug4983388.java instead of delay + JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java from running on macOS + JDK-8342562: Enhance Deflater operations + JDK-8342602: Remove JButton/PressedButtonRightClickTest test + JDK-8342607: Enhance register printing on x86_64 platforms + JDK-8342609: jpackage test helper function incorrectly removes a directory instead of its contents only + JDK-8342634: javax/imageio/plugins/wbmp/ /WBMPStreamTruncateTest.java creates temp file in src dir + JDK-8342635: javax/swing/JFileChooser/FileSystemView/ /WindowsDefaultIconSizeTest.java creates tmp file in src dir + JDK-8342704: GHA: Report truncation is broken after JDK-8341424 + JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java failed: Unexpected connection count: 5 + JDK-8342858: Make target mac-jdk-bundle fails on chmod command + JDK-8342988: GHA: Build JTReg in single step + JDK-8343007: Enhance Buffered Image handling + JDK-8343100: Consolidate EmptyFolderTest and EmptyFolderPackageTest jpackage tests into single java file + JDK-8343101: Rework BasicTest.testTemp test cases + JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/ /PrintCheckboxManualTest.java fails with Error. Can't find HTML file PrintCheckboxManualTest.html + JDK-8343128: PassFailJFrame.java test result: Error. Bad action for script: build} + JDK-8343129: Disable unstable check of ThreadsListHandle.sanity_vm ThreadList values + JDK-8343178: Test BasicTest.java javac compile fails cannot find symbol + JDK-8343378: Exceptions in javax/management DeadLockTest.java do not cause test failure + JDK-8343491: javax/management/remote/mandatory/connection/ /DeadLockTest.java failing with NoSuchObjectException: no such object in table + JDK-8343599: Kmem limit and max values swapped when printing container information + JDK-8343724: [PPC64] Disallow OptoScheduling + JDK-8343882: BasicAnnoTests doesn't handle multiple annotations at the same position + JDK-8344581: [TESTBUG] java/awt/Robot/ /ScreenCaptureRobotTest.java failing on macOS + JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19 + JDK-8344646: The libjsig deprecation warning should go to stderr not stdout + JDK-8345296: AArch64: VM crashes with SIGILL when prctl is disallowed + JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java fails on Windows Server 2025 + JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15 + JDK-8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java + JDK-8345414: Google CAInterop test failures + JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/ /bug4865918.java fails in ubuntu22.04 + JDK-8346055: javax/swing/text/StyledEditorKit/4506788/ /bug4506788.java fails in ubuntu22.04 + JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java fails in CI + JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + JDK-8346671: java/nio/file/Files/probeContentType/Basic.java fails on Windows 2025 + JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java still fails in CI + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8346908: Update JDK 17 javadoc man page + JDK-8346972: Test java/nio/channels/FileChannel/ /LoopingTruncate.java fails sometimes with IOException: There is not enough space on the disk + JDK-8347424: Fix and rewrite sun/security/x509/DNSName/LeadingPeriod.java test + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header + JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java failing + JDK-8347847: Enhance jar file support + JDK-8347965: (tz) Update Timezone Data to 2025a + JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old java.awt.headless behavior on Windows + JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates + JDK-8352097: (tz) zone.tab update missed in 2025a backport + JDK-8353905: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Wed May 7 17:13:32 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1521-1 Released: Fri May 9 06:56:24 2025 Summary: Security update for tomcat Type: security Severity: important References: 1242008,1242009,CVE-2025-31650,CVE-2025-31651 This update for tomcat fixes the following issues: Update to Tomcat 9.0.104 - CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008) - CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009) Full changelog: https://tomcat.apache.org/tomcat-9.0-doc/changelog.htm The following package changes have been done: - patterns-base-fips-20200124-150600.32.6.1 updated - libxml2-2-2.10.3-150500.5.26.1 updated - libapparmor1-3.1.7-150600.5.9.1 updated - glibc-2.38-150600.14.29.1 updated - libgcrypt20-1.10.3-150600.3.6.1 updated - pam-1.3.0-150000.6.76.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - glibc-locale-base-2.38-150600.14.29.1 updated - libdevmapper1_03-2.03.22_1.02.196-150600.3.6.1 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libgobject-2_0-0-2.78.6-150600.4.11.1 updated - libxml2-tools-2.10.3-150500.5.26.1 updated - glibc-locale-2.38-150600.14.29.1 updated - libfreetype6-2.10.4-150000.4.22.1 updated - iproute2-6.4-150600.7.6.1 updated - glibc-devel-2.38-150600.14.29.1 updated - libgio-2_0-0-2.78.6-150600.4.11.1 updated - glib2-tools-2.78.6-150600.4.11.1 updated - python3-libxml2-2.10.3-150500.5.26.1 updated - java-17-openjdk-headless-17.0.15.0-150400.3.54.1 updated - tomcat-servlet-4_0-api-9.0.104-150200.81.1 updated - tomcat-el-3_0-api-9.0.104-150200.81.1 updated - java-17-openjdk-17.0.15.0-150400.3.54.1 updated - tomcat-jsp-2_3-api-9.0.104-150200.81.1 updated - tomcat-lib-9.0.104-150200.81.1 updated - tomcat-9.0.104-150200.81.1 updated From sle-container-updates at lists.suse.com Sat May 10 07:22:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 May 2025 09:22:41 +0200 (CEST) Subject: SUSE-CU-2025:3361-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250510072241.C46D0F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3361-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.119 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.119 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1526-1 Released: Fri May 9 17:21:06 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150200.43.1 updated - libsolv-tools-0.7.32-150200.43.1 updated - libzypp-17.36.7-150200.153.1 updated - zypper-1.14.89-150200.111.1 updated From sle-container-updates at lists.suse.com Sat May 10 07:29:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 May 2025 09:29:36 +0200 (CEST) Subject: SUSE-CU-2025:3363-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250510072936.2D34CF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3363-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.121 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.121 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1526-1 Released: Fri May 9 17:21:06 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150200.43.1 updated - libsolv-tools-0.7.32-150200.43.1 updated - libzypp-17.36.7-150200.153.1 updated - zypper-1.14.89-150200.111.1 updated From sle-container-updates at lists.suse.com Tue May 13 07:04:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 May 2025 09:04:01 +0200 (CEST) Subject: SUSE-IU-2025:1303-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250513070401.3DD6FF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1303-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.24 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.24 Severity : important Type : recommended References : 1224868 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 313 Released: Mon May 12 11:36:50 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). The following package changes have been done: - NetworkManager-wwan-1.42.6-6.1 updated From sle-container-updates at lists.suse.com Tue May 13 07:06:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 May 2025 09:06:02 +0200 (CEST) Subject: SUSE-IU-2025:1306-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250513070602.D4F2EF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1306-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.31 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.31 Severity : critical Type : recommended References : 1217885 1228086 1231476 1231792 1232063 1236982 1237695 1239632 1240919 CVE-2024-9781 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 98 Released: Mon May 12 11:09:06 2025 Summary: Recommended update for dracut Type: recommended Severity: critical References: 1217885,1228086,1231476,1231792,1232063,1236982,1237695,1239632,1240919,CVE-2024-9781 This update for dracut fixes the following issues: Update to version 059+suse.631.ga638ed12: * fix(dmsquash-live): do not check ISO md5 if image filesystem (bsc#1240919) * fix(nfs): set correct ownership of rpc.statd state directories (bsc#1217885) * perf(nfs): remove references to old rpcbind state dir * fix(nfs): libnfsidmap plugins not added in some distributions * fix(dracut.spec): move znet to the main package (bsc#1239632) Update to version 059+suse.623.gf9a73df5: * fix(iscsi): make sure services are shut down when switching root (bsc#1237695) * fix(iscsi): don't require network setup for qedi * fix(network-legacy): do not require pgrep when using wicked (bsc#1236982) Update to version 059+suse.617.gb2c1d974: Fixes for booting from iSCSI offload with bnx2i (bsc#1228086): * fix(iscsi): attempt iSCSI login before all interfaces are up * fix(iscsi): don't require network setup for bnx2i Other: * fix(dracut): rework timeout for devices added via --mount and --add-device (bsc#1231792) Update to version 059+suse.610.g850d981a: * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063) The following package changes have been done: - dracut-059+suse.631.ga638ed12-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.31 updated From sle-container-updates at lists.suse.com Tue May 13 07:06:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 May 2025 09:06:03 +0200 (CEST) Subject: SUSE-IU-2025:1307-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250513070603.ACDF9F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1307-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.32 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.32 Severity : moderate Type : security References : 1218424 1229122 1233420 CVE-2024-52616 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 100 Released: Mon May 12 16:33:40 2025 Summary: Security update for avahi Type: security Severity: moderate References: 1218424,1229122,1233420,CVE-2024-52616 This update for avahi fixes the following issues: - CVE-2024-52616: Fixed predictable transaction IDs for Wide-Area DNS (bsc#1233420) - Drop rcFOO symlinks (jsc#PED-266). The following package changes have been done: - SL-Micro-release-6.1-slfo.1.11.29 updated - libavahi-common3-0.8-slfo.1.1_2.1 updated - libavahi-core7-0.8-slfo.1.1_2.1 updated - libavahi-client3-0.8-slfo.1.1_2.1 updated - avahi-0.8-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.0-4.32 updated From sle-container-updates at lists.suse.com Tue May 13 07:06:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 May 2025 09:06:23 +0200 (CEST) Subject: SUSE-IU-2025:1309-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250513070623.42EC2F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1309-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.31 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.31 Severity : critical Type : security References : 1010996 1199079 1217885 1228086 1229003 1231476 1231792 1232063 1234798 1236982 1237695 1239632 1240009 1240343 1240919 441356 CVE-2024-10389 CVE-2024-10975 CVE-2024-45794 CVE-2024-48057 CVE-2024-51735 CVE-2024-51746 CVE-2024-9781 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 98 Released: Mon May 12 11:09:06 2025 Summary: Recommended update for dracut Type: recommended Severity: critical References: 1217885,1228086,1231476,1231792,1232063,1236982,1237695,1239632,1240919,CVE-2024-9781 This update for dracut fixes the following issues: Update to version 059+suse.631.ga638ed12: * fix(dmsquash-live): do not check ISO md5 if image filesystem (bsc#1240919) * fix(nfs): set correct ownership of rpc.statd state directories (bsc#1217885) * perf(nfs): remove references to old rpcbind state dir * fix(nfs): libnfsidmap plugins not added in some distributions * fix(dracut.spec): move znet to the main package (bsc#1239632) Update to version 059+suse.623.gf9a73df5: * fix(iscsi): make sure services are shut down when switching root (bsc#1237695) * fix(iscsi): don't require network setup for qedi * fix(network-legacy): do not require pgrep when using wicked (bsc#1236982) Update to version 059+suse.617.gb2c1d974: Fixes for booting from iSCSI offload with bnx2i (bsc#1228086): * fix(iscsi): attempt iSCSI login before all interfaces are up * fix(iscsi): don't require network setup for bnx2i Other: * fix(dracut): rework timeout for devices added via --mount and --add-device (bsc#1231792) Update to version 059+suse.610.g850d981a: * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063) ----------------------------------------------------------------- Advisory ID: 99 Released: Mon May 12 11:14:56 2025 Summary: Security update for ca-certificates-mozilla Type: security Severity: moderate References: 1010996,1199079,1229003,1234798,1240009,1240343,441356,CVE-2024-10389,CVE-2024-10975,CVE-2024-45794,CVE-2024-48057,CVE-2024-51735,CVE-2024-51746 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: Removed: * SwissSign Silver CA - G2 Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): Removed: * SecureSign RootCA11 * Security Communication RootCA3 Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - dracut-059+suse.631.ga638ed12-slfo.1.1_1.1 updated - ca-certificates-mozilla-2.74-slfo.1.1_1.1 updated - container:suse-toolbox-image-1.0.0-4.31 updated From sle-container-updates at lists.suse.com Wed May 14 11:25:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 May 2025 13:25:58 +0200 (CEST) Subject: SUSE-CU-2025:3382-1: Recommended update of containers/open-webui Message-ID: <20250514112558.23E30FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3382-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.50 Container Release : 9.50 Severity : moderate Type : recommended References : 1233520 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4415-1 Released: Mon Dec 23 20:45:48 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1233520 This update for binutils fixes the following issues: Update to current 2.43.1 branch [PED-10254, PED-10306]: * s390 - Add arch15 instructions * various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387 The following package changes have been done: - libasan6-11.3.0+git1637-150000.1.11.2 added - libatomic1-14.2.0+git10526-150000.1.6.1 added - libctf-nobfd0-2.43-150100.7.52.1 added - libisl15-0.18-1.443 added - libitm1-14.2.0+git10526-150000.1.6.1 added - liblsan0-14.2.0+git10526-150000.1.6.1 added - libtsan0-11.3.0+git1637-150000.1.11.2 added - libubsan1-14.2.0+git10526-150000.1.6.1 added - libzstd1-1.5.6-150600.1.10 updated - linux-glibc-devel-6.4-150600.2.17 added - libxcrypt-devel-4.4.15-150300.4.7.1 added - libctf0-2.43-150100.7.52.1 added - binutils-2.43-150100.7.52.1 added - python311-devel-3.11.11-150600.3.21.1 added - cpp11-11.3.0+git1637-150000.1.11.2 added - glibc-devel-2.38-150600.14.29.1 added - libzstd-devel-1.5.6-150600.1.10 added - libstdc++6-devel-gcc11-11.3.0+git1637-150000.1.11.2 added - gcc11-11.3.0+git1637-150000.1.11.2 added - gcc11-c++-11.3.0+git1637-150000.1.11.2 added - python311-torch-2.7.0-150600.1.1 updated - python311-open-webui-0.5.14-150600.1.31 updated From sle-container-updates at lists.suse.com Wed May 14 11:28:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 May 2025 13:28:01 +0200 (CEST) Subject: SUSE-IU-2025:1336-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250514112801.1DBAAFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1336-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.36 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.36 Severity : important Type : security References : 1219559 1219561 1221289 1229930 1229931 1229932 1232579 1232601 1239618 CVE-2013-0340 CVE-2019-15903 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 108 Released: Tue May 13 15:37:50 2025 Summary: Security update for expat Type: security Severity: important References: 1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176 This update for expat fixes the following issues: Version update to 2.7.1: Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]): * Security fixes: #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do - no source changes, just adding jira reference: jsc#SLE-21253 Version update to 2.6.4 * Security fixes: [bsc#1232601][bsc#1232579] #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: #903 CMake: Add alias target 'expat::expat' #905 docs: Document use via CMake >=3.18 with FetchContent and SOURCE_SUBDIR and its consequences #902 tests: Reduce use of global parser instance #904 tests: Resolve duplicate handler #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903) #914 Fix signedness of format strings #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. Update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (bsc#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior Update to 2.6.1: * Expose billion laughs API with XML_DTD defined and XML_GE undefined, regression from 2.6.0 * Make tests independent of CPU speed, and thus more robust Update to 2.6.0: * Security fixes: - CVE-2023-52425 (bsc#1219559) -- Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (bsc#1219561) -- Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent 'invalid token' error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example 'element_declarations.c' - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section 'Cflags.private' in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of 'NULL' and 'null' - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.31 updated - container:SL-Micro-container-2.2.0-4.34 updated From sle-container-updates at lists.suse.com Thu May 15 07:12:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:12:14 +0200 (CEST) Subject: SUSE-IU-2025:1337-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250515071214.2DB20F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1337-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.34 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.34 Severity : important Type : security References : 1219559 1219561 1221289 1229930 1229931 1229932 1232579 1232601 1239618 CVE-2013-0340 CVE-2019-15903 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 108 Released: Tue May 13 15:37:50 2025 Summary: Security update for expat Type: security Severity: important References: 1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176 This update for expat fixes the following issues: Version update to 2.7.1: Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]): * Security fixes: #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do - no source changes, just adding jira reference: jsc#SLE-21253 Version update to 2.6.4 * Security fixes: [bsc#1232601][bsc#1232579] #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: #903 CMake: Add alias target 'expat::expat' #905 docs: Document use via CMake >=3.18 with FetchContent and SOURCE_SUBDIR and its consequences #902 tests: Reduce use of global parser instance #904 tests: Resolve duplicate handler #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903) #914 Fix signedness of format strings #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. Update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (bsc#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior Update to 2.6.1: * Expose billion laughs API with XML_DTD defined and XML_GE undefined, regression from 2.6.0 * Make tests independent of CPU speed, and thus more robust Update to 2.6.0: * Security fixes: - CVE-2023-52425 (bsc#1219559) -- Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (bsc#1219561) -- Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent 'invalid token' error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example 'element_declarations.c' - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section 'Cflags.private' in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of 'NULL' and 'null' - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.31 updated - container:SL-Micro-base-container-2.2.0-4.34 updated From sle-container-updates at lists.suse.com Thu May 15 07:12:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:12:34 +0200 (CEST) Subject: SUSE-IU-2025:1338-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250515071234.88499F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1338-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.34 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.34 Severity : important Type : security References : 1219559 1219561 1221289 1229930 1229931 1229932 1232579 1232601 1239618 CVE-2013-0340 CVE-2019-15903 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 107 Released: Tue May 13 15:32:59 2025 Summary: Security update for freetype2 Type: security Severity: important References: This update for freetype2 fixes the following issues: Update to 2.13.2: * Some fields in the `FT_Outline` structure have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. * Rare double-free crashes in the cache subsystem have been fixed. * Excessive stack allocation in the autohinter has been fixed. * The B/W rasterizer has received a major upkeep that results in large performance improvements. The rendering speed has increased and even doubled for very complex glyphs. ----------------------------------------------------------------- Advisory ID: 108 Released: Tue May 13 15:37:50 2025 Summary: Security update for expat Type: security Severity: important References: 1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176 This update for expat fixes the following issues: Version update to 2.7.1: Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]): * Security fixes: #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do - no source changes, just adding jira reference: jsc#SLE-21253 Version update to 2.6.4 * Security fixes: [bsc#1232601][bsc#1232579] #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: #903 CMake: Add alias target 'expat::expat' #905 docs: Document use via CMake >=3.18 with FetchContent and SOURCE_SUBDIR and its consequences #902 tests: Reduce use of global parser instance #904 tests: Resolve duplicate handler #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903) #914 Fix signedness of format strings #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. Update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (bsc#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior Update to 2.6.1: * Expose billion laughs API with XML_DTD defined and XML_GE undefined, regression from 2.6.0 * Make tests independent of CPU speed, and thus more robust Update to 2.6.0: * Security fixes: - CVE-2023-52425 (bsc#1219559) -- Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (bsc#1219561) -- Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent 'invalid token' error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example 'element_declarations.c' - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section 'Cflags.private' in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of 'NULL' and 'null' - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_1.1 updated - libfreetype6-2.13.3-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.31 updated - container:suse-toolbox-image-1.0.0-4.34 updated From sle-container-updates at lists.suse.com Thu May 15 07:12:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:12:53 +0200 (CEST) Subject: SUSE-IU-2025:1339-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250515071253.C3FC0F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1339-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.33 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.33 Severity : important Type : security References : 1219559 1219561 1221289 1229930 1229931 1229932 1232579 1232601 1239618 CVE-2013-0340 CVE-2019-15903 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-8176 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 108 Released: Tue May 13 15:37:50 2025 Summary: Security update for expat Type: security Severity: important References: 1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176 This update for expat fixes the following issues: Version update to 2.7.1: Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]): * Security fixes: #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do - no source changes, just adding jira reference: jsc#SLE-21253 Version update to 2.6.4 * Security fixes: [bsc#1232601][bsc#1232579] #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: #903 CMake: Add alias target 'expat::expat' #905 docs: Document use via CMake >=3.18 with FetchContent and SOURCE_SUBDIR and its consequences #902 tests: Reduce use of global parser instance #904 tests: Resolve duplicate handler #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903) #914 Fix signedness of format strings #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. Update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (bsc#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior Update to 2.6.1: * Expose billion laughs API with XML_DTD defined and XML_GE undefined, regression from 2.6.0 * Make tests independent of CPU speed, and thus more robust Update to 2.6.0: * Security fixes: - CVE-2023-52425 (bsc#1219559) -- Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (bsc#1219561) -- Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent 'invalid token' error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example 'element_declarations.c' - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section 'Cflags.private' in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of 'NULL' and 'null' - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do The following package changes have been done: - libexpat1-2.7.1-slfo.1.1_1.1 updated - SL-Micro-release-6.1-slfo.1.11.31 updated - container:SL-Micro-base-container-2.2.0-4.34 updated From sle-container-updates at lists.suse.com Thu May 15 07:17:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:17:51 +0200 (CEST) Subject: SUSE-CU-2025:3397-1: Recommended update of bci/golang Message-ID: <20250515071751.9A279F783@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3397-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.9 , bci/golang:1.23.9-2.37.2 , bci/golang:oldstable , bci/golang:oldstable-2.37.2 Container Release : 37.2 Severity : moderate Type : recommended References : 1229122 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1552-1 Released: Wed May 14 19:07:13 2025 Summary: Recommended update for go1.23 Type: recommended Severity: moderate References: 1229122 This update for go1.23 fixes the following issues: go1.23.9 (released 2025-05-06) includes fixes to the runtime and the linker. (bsc#1229122) * go#73091 cmd/link: linkname directive on userspace variable can override runtime variable * go#73380 runtime, x/sys/unix: Connectx is broken on darwin/amd64 The following package changes have been done: - go1.23-doc-1.23.9-150000.1.30.1 updated - go1.23-1.23.9-150000.1.30.1 updated - go1.23-race-1.23.9-150000.1.30.1 updated From sle-container-updates at lists.suse.com Thu May 15 07:19:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:19:14 +0200 (CEST) Subject: SUSE-CU-2025:3399-1: Security update of bci/golang Message-ID: <20250515071914.7FB08F783@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3399-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.3 , bci/golang:1.24.3-1.37.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.37.2 Container Release : 37.2 Severity : moderate Type : security References : 1236217 1242715 CVE-2025-22873 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1551-1 Released: Wed May 14 19:06:08 2025 Summary: Security update for go1.24 Type: security Severity: moderate References: 1236217,1242715,CVE-2025-22873 This update for go1.24 fixes the following issues: Update to go1.24.3 (bsc#1236217): Security fixes: - CVE-2025-22873: Fixed os.Root permits access to parent directory (bsc#1242715) Changelog: * go#73556 go#73555 security: fix CVE-2025-22873 os: Root permits access to parent directory * go#73082 os: Root.Open panics when opening a symlink referencing the root * go#73092 cmd/link: linkname directive on userspace variable can override runtime variable * go#73118 crypto/tls: ECH decodeInnerClientHello incorrectly rejects ClientHello with GREASE values in supportedVersions * go#73144 runtime: segmentation fault from vgetrandomPutState and runtime.growslice w/ runtime.OSLockThread * go#73192 runtime: -race data race map traceback report incorrect functions * go#73281 cmd/compile: program compiles to wasm but is invalid: go:wasmexport: integer too large * go#73379 runtime, x/sys/unix: Connectx is broken on darwin/amd64 * go#73440 cmd/compile: infinite loop in the inliner * go#73500 cmd/go: +dirty in version stamping doesn't combine well with +incompatible The following package changes have been done: - go1.24-doc-1.24.3-150000.1.23.1 updated - go1.24-1.24.3-150000.1.23.1 updated - go1.24-race-1.24.3-150000.1.23.1 updated From sle-container-updates at lists.suse.com Thu May 15 07:25:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:25:58 +0200 (CEST) Subject: SUSE-CU-2025:3413-1: Security update of suse/sles/15.7/cdi-apiserver Message-ID: <20250515072558.35671FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3413-1 Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.55 , suse/sles/15.7/cdi-apiserver:1.58.0.27.140 Container Release : 27.140 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - containerized-data-importer-api-1.58.0-150700.7.55 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:01 +0200 (CEST) Subject: SUSE-CU-2025:3414-1: Security update of suse/sles/15.7/cdi-cloner Message-ID: <20250515072601.1B247FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3414-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.55 , suse/sles/15.7/cdi-cloner:1.58.0.28.140 Container Release : 28.140 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libzstd1-1.5.7-150700.1.2 updated - libuuid1-2.40.4-150700.2.4 updated - libsmartcols1-2.40.4-150700.2.4 updated - libnghttp2-14-1.64.0-150700.1.5 updated - libblkid1-2.40.4-150700.2.4 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libmount1-2.40.4-150700.2.4 updated - libfdisk1-2.40.4-150700.2.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - util-linux-2.40.4-150700.2.4 updated - containerized-data-importer-cloner-1.58.0-150700.7.55 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:03 +0200 (CEST) Subject: SUSE-CU-2025:3415-1: Security update of suse/sles/15.7/cdi-controller Message-ID: <20250515072603.F2640FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3415-1 Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.55 , suse/sles/15.7/cdi-controller:1.58.0.27.140 Container Release : 27.140 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - containerized-data-importer-controller-1.58.0-150700.7.55 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:06 +0200 (CEST) Subject: SUSE-CU-2025:3416-1: Security update of suse/sles/15.7/cdi-importer Message-ID: <20250515072606.D3303FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3416-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.55 , suse/sles/15.7/cdi-importer:1.58.0.29.110 Container Release : 29.110 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libzstd1-1.5.7-150700.1.2 updated - libuuid1-2.40.4-150700.2.4 updated - libsmartcols1-2.40.4-150700.2.4 updated - libnghttp2-14-1.64.0-150700.1.5 updated - libgpg-error0-1.50-150700.1.8 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - libgcrypt20-1.11.0-150700.3.5 updated - libblkid1-2.40.4-150700.2.4 updated - libxml2-2-2.12.10-150700.2.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libmount1-2.40.4-150700.2.4 updated - libfdisk1-2.40.4-150700.2.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - util-linux-2.40.4-150700.2.4 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libnettle8-3.10.1-150700.2.16 updated - libhogweed6-3.10.1-150700.2.16 updated - qemu-img-9.2.2-150700.1.4 updated - nbdkit-server-1.40.4-150700.2.4 updated - libnbd0-1.20.3-150700.1.8 updated - nbdkit-xz-filter-1.40.4-150700.2.4 updated - nbdkit-curl-plugin-1.40.4-150700.2.4 updated - nbdkit-basic-filters-1.40.4-150700.2.4 updated - containerized-data-importer-importer-1.58.0-150700.7.55 updated - nbdkit-vddk-plugin-1.40.4-150700.2.4 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:09 +0200 (CEST) Subject: SUSE-CU-2025:3417-1: Security update of suse/sles/15.7/cdi-operator Message-ID: <20250515072609.B51C3FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3417-1 Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.55 , suse/sles/15.7/cdi-operator:1.58.0.27.140 Container Release : 27.140 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - containerized-data-importer-operator-1.58.0-150700.7.55 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:12 +0200 (CEST) Subject: SUSE-CU-2025:3418-1: Security update of suse/sles/15.7/cdi-uploadproxy Message-ID: <20250515072612.99504FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3418-1 Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.55 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.140 Container Release : 27.140 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - containerized-data-importer-uploadproxy-1.58.0-150700.7.55 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:15 +0200 (CEST) Subject: SUSE-CU-2025:3419-1: Security update of suse/sles/15.7/cdi-uploadserver Message-ID: <20250515072615.793D2FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3419-1 Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.55 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.153 Container Release : 28.153 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libzstd1-1.5.7-150700.1.2 updated - libuuid1-2.40.4-150700.2.4 updated - libsmartcols1-2.40.4-150700.2.4 updated - libnghttp2-14-1.64.0-150700.1.5 updated - libgpg-error0-1.50-150700.1.8 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - libgcrypt20-1.11.0-150700.3.5 updated - libblkid1-2.40.4-150700.2.4 updated - libxml2-2-2.12.10-150700.2.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libmount1-2.40.4-150700.2.4 updated - libfdisk1-2.40.4-150700.2.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - util-linux-2.40.4-150700.2.4 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libnettle8-3.10.1-150700.2.16 updated - libhogweed6-3.10.1-150700.2.16 updated - qemu-img-9.2.2-150700.1.4 updated - libnbd0-1.20.3-150700.1.8 updated - libnbd-1.20.3-150700.1.8 updated - containerized-data-importer-uploadserver-1.58.0-150700.7.55 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:34 +0200 (CEST) Subject: SUSE-CU-2025:3421-1: Security update of suse/sles/15.7/virt-api Message-ID: <20250515072634.23AD6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3421-1 Container Tags : suse/sles/15.7/virt-api:1.5.0 , suse/sles/15.7/virt-api:1.5.0-150700.1.3 , suse/sles/15.7/virt-api:1.5.0.27.139 Container Release : 27.139 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - kubevirt-virt-api-1.5.0-150700.1.3 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:36 +0200 (CEST) Subject: SUSE-CU-2025:3422-1: Security update of suse/sles/15.7/virt-controller Message-ID: <20250515072636.F0661FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3422-1 Container Tags : suse/sles/15.7/virt-controller:1.5.0 , suse/sles/15.7/virt-controller:1.5.0-150700.1.3 , suse/sles/15.7/virt-controller:1.5.0.27.139 Container Release : 27.139 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - kubevirt-virt-controller-1.5.0-150700.1.3 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:39 +0200 (CEST) Subject: SUSE-CU-2025:3423-1: Security update of suse/sles/15.7/virt-exportproxy Message-ID: <20250515072639.C6428FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3423-1 Container Tags : suse/sles/15.7/virt-exportproxy:1.5.0 , suse/sles/15.7/virt-exportproxy:1.5.0-150700.1.3 , suse/sles/15.7/virt-exportproxy:1.5.0.11.139 Container Release : 11.139 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - kubevirt-virt-exportproxy-1.5.0-150700.1.3 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:45 +0200 (CEST) Subject: SUSE-CU-2025:3425-1: Security update of suse/sles/15.7/virt-handler Message-ID: <20250515072645.5A8C6FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3425-1 Container Tags : suse/sles/15.7/virt-handler:1.5.0 , suse/sles/15.7/virt-handler:1.5.0-150700.1.3 , suse/sles/15.7/virt-handler:1.5.0.30.10 Container Release : 30.10 Severity : important Type : security References : 1232234 1234128 1234452 1234713 1235481 1236033 1237374 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libzstd1-1.5.7-150700.1.2 updated - libuuid1-2.40.4-150700.2.4 updated - libsmartcols1-2.40.4-150700.2.4 updated - libnghttp2-14-1.64.0-150700.1.5 updated - libgpg-error0-1.50-150700.1.8 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - findutils-4.10.0-150700.2.6 updated - libgcrypt20-1.11.0-150700.3.5 updated - libblkid1-2.40.4-150700.2.4 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libmount1-2.40.4-150700.2.4 updated - libfdisk1-2.40.4-150700.2.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - sles-release-15.7-150700.28.1 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - util-linux-2.40.4-150700.2.4 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - kbd-2.4.0-150700.13.3 updated - kubevirt-container-disk-1.5.0-150700.1.3 updated - kubevirt-virt-handler-1.5.0-150700.1.3 updated - libapparmor1-3.1.7-150600.5.6.1 updated - libbpf1-1.5.0-150700.1.3 updated - libexpat1-2.6.4-150700.1.4 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libnettle8-3.10.1-150700.2.16 updated - pkg-config-0.29.2-150600.15.6.3 updated - libhogweed6-3.10.1-150700.2.16 updated - iproute2-6.4-150600.7.6.1 updated - qemu-img-9.2.2-150700.1.4 updated - util-linux-systemd-2.40.4-150700.2.4 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:42 +0200 (CEST) Subject: SUSE-CU-2025:3424-1: Security update of suse/sles/15.7/virt-exportserver Message-ID: <20250515072642.957C0FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3424-1 Container Tags : suse/sles/15.7/virt-exportserver:1.5.0 , suse/sles/15.7/virt-exportserver:1.5.0-150700.1.3 , suse/sles/15.7/virt-exportserver:1.5.0.12.139 Container Release : 12.139 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - kubevirt-virt-exportserver-1.5.0-150700.1.3 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:48 +0200 (CEST) Subject: SUSE-CU-2025:3426-1: Security update of suse/sles/15.7/virt-launcher Message-ID: <20250515072648.3C824FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3426-1 Container Tags : suse/sles/15.7/virt-launcher:1.5.0 , suse/sles/15.7/virt-launcher:1.5.0-150700.1.3 , suse/sles/15.7/virt-launcher:1.5.0.34.138 Container Release : 34.138 Severity : important Type : security References : 1232234 1234128 1234452 1234713 1235481 1235751 1236033 1237374 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libzstd1-1.5.7-150700.1.2 updated - libuuid1-2.40.4-150700.2.4 updated - libsmartcols1-2.40.4-150700.2.4 updated - libnghttp2-14-1.64.0-150700.1.5 updated - libgpg-error0-1.50-150700.1.8 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - findutils-4.10.0-150700.2.6 updated - libgcrypt20-1.11.0-150700.3.5 updated - libblkid1-2.40.4-150700.2.4 updated - libxml2-2-2.12.10-150700.2.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libmount1-2.40.4-150700.2.4 updated - libfdisk1-2.40.4-150700.2.4 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - sles-release-15.7-150700.28.1 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - util-linux-2.40.4-150700.2.4 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - timezone-2025b-150600.91.6.2 updated - kbd-2.4.0-150700.13.3 updated - kubevirt-container-disk-1.5.0-150700.1.3 updated - libapparmor1-3.1.7-150600.5.6.1 updated - libbpf1-1.5.0-150700.1.3 updated - libdevmapper1_03-2.03.24_1.02.198-150700.5.3 updated - libexpat1-2.6.4-150700.1.4 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libgobject-2_0-0-2.78.6-150600.4.11.1 updated - libnettle8-3.10.1-150700.2.16 updated - libusdm0-24.09.0-150700.1.3 updated - pkg-config-0.29.2-150600.15.6.3 updated - qemu-accel-tcg-x86-9.2.2-150700.1.4 updated - qemu-hw-usb-host-9.2.2-150700.1.4 updated - qemu-ipxe-9.2.2-150700.1.4 updated - qemu-seabios-9.2.21.16.3_3_g3d33c746-150700.1.4 updated - qemu-vgabios-9.2.21.16.3_3_g3d33c746-150700.1.4 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - xz-5.4.1-150600.3.3.1 updated - zstd-1.5.7-150700.1.2 updated - libndctl6-80-150700.1.3 updated - libhogweed6-3.10.1-150700.2.16 updated - virtiofsd-1.12.0-150700.1.8 updated - qemu-hw-usb-redirect-9.2.2-150700.1.4 updated - libqat4-24.09.0-150700.1.3 updated - iproute2-6.4-150600.7.6.1 updated - vim-small-9.1.1176-150500.20.24.2 updated - xen-libs-4.20.0_10-150700.1.3 updated - libqatzip3-1.2.0-150700.1.2 updated - qemu-img-9.2.2-150700.1.4 updated - libgio-2_0-0-2.78.6-150600.4.11.1 updated - glib2-tools-2.78.6-150600.4.11.1 updated - libvirt-libs-11.0.0-150700.2.3 updated - rdma-core-54.0-150700.1.9 updated - libvirt-daemon-log-11.0.0-150700.2.3 updated - libvirt-client-11.0.0-150700.2.3 updated - kubevirt-virt-launcher-1.5.0-150700.1.3 updated - swtpm-0.9.0-150700.1.4 updated - libibverbs1-54.0-150700.1.9 updated - libmlx5-1-54.0-150700.1.9 updated - libvirt-daemon-common-11.0.0-150700.2.3 updated - libmlx4-1-54.0-150700.1.9 updated - libmana1-54.0-150700.1.9 updated - libhns1-54.0-150700.1.9 updated - libefa1-54.0-150700.1.9 updated - libibverbs-54.0-150700.1.9 updated - librdmacm1-54.0-150700.1.9 updated - qemu-ovmf-x86_64-202408-150700.1.3 updated - qemu-x86-9.2.2-150700.1.4 updated - qemu-9.2.2-150700.1.4 updated - libvirt-daemon-driver-qemu-11.0.0-150700.2.3 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:51 +0200 (CEST) Subject: SUSE-CU-2025:3427-1: Security update of suse/sles/15.7/libguestfs-tools Message-ID: <20250515072651.3BB9DFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3427-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.5.0 , suse/sles/15.7/libguestfs-tools:1.5.0-150700.1.3 , suse/sles/15.7/libguestfs-tools:1.5.0.28.178 Container Release : 28.178 Severity : important Type : security References : 1223330 1232234 1234128 1234452 1234713 1235481 1236033 1237374 1238591 1239625 1239637 1239663 1239883 1240414 CVE-2023-40403 CVE-2024-10041 CVE-2024-55549 CVE-2025-24855 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1125-1 Released: Thu Apr 3 13:49:28 2025 Summary: Security update for libxslt Type: security Severity: important References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1134-1 Released: Thu Apr 3 16:17:44 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1145-1 Released: Mon Apr 7 06:41:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1223330,1239663 This update for hwinfo fixes the following issues: - Avoid reporting of spurious usb storage devices (bsc#1223330) - Do not overdo usb device de-duplication (bsc#1239663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1245-1 Released: Mon Apr 14 13:31:49 2025 Summary: Recommended update for pkg-config Type: recommended Severity: moderate References: 1237374 This update for rsync fixes the following issues: - Security scan found old glib in pkg-config (bsc#1237374). - This update for pkg-config changes attribute to the author who actually makes the change ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libzstd1-1.5.7-150700.1.2 updated - libuuid1-2.40.4-150700.2.4 updated - libsmartcols1-2.40.4-150700.2.4 updated - libnghttp2-14-1.64.0-150700.1.5 updated - libgpg-error0-1.50-150700.1.8 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - findutils-4.10.0-150700.2.6 updated - libgcrypt20-1.11.0-150700.3.5 updated - libblkid1-2.40.4-150700.2.4 updated - libxml2-2-2.12.10-150700.2.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libmount1-2.40.4-150700.2.4 updated - libfdisk1-2.40.4-150700.2.4 updated - libzck1-1.5.1-150700.1.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - sles-release-15.7-150700.28.1 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - util-linux-2.40.4-150700.2.4 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - kbd-2.4.0-150700.13.3 updated - libguestfs-winsupport-1.55.6-150700.1.7 updated - guestfs-tools-1.53.7-150700.1.2 updated - libapparmor1-3.1.7-150600.5.6.1 updated - libbpf1-1.5.0-150700.1.3 updated - libdevmapper1_03-2.03.24_1.02.198-150700.5.3 updated - libexpat1-2.6.4-150700.1.4 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libgobject-2_0-0-2.78.6-150600.4.11.1 updated - libhivex0-1.3.24-150700.1.6 updated - libnettle8-3.10.1-150700.2.16 updated - libopenssl1_1-1.1.1w-150700.9.37 updated - libusdm0-24.09.0-150700.1.3 updated - libxslt1-1.1.34-150400.3.6.1 updated - mdadm-4.4-150700.2.7 updated - pigz-2.8-150700.1.4 updated - pkg-config-0.29.2-150600.15.6.3 updated - qemu-accel-tcg-x86-9.2.2-150700.1.4 updated - qemu-ipxe-9.2.2-150700.1.4 updated - qemu-seabios-9.2.21.16.3_3_g3d33c746-150700.1.4 updated - qemu-vgabios-9.2.21.16.3_3_g3d33c746-150700.1.4 updated - xz-5.4.1-150600.3.3.1 updated - zstd-1.5.7-150700.1.2 updated - libndctl6-80-150700.1.3 updated - libhogweed6-3.10.1-150700.2.16 updated - virtiofsd-1.12.0-150700.1.8 updated - libqat4-24.09.0-150700.1.3 updated - bind-utils-9.20.3-150700.1.6 updated - hwinfo-21.87-150500.3.6.1 updated - iproute2-6.4-150600.7.6.1 updated - libmpath0-0.10.2+122+suse.51e02cc-150700.1.4 updated - xen-libs-4.20.0_10-150700.1.3 updated - libqatzip3-1.2.0-150700.1.2 updated - qemu-vmsr-helper-9.2.2-150700.1.4 updated - qemu-pr-helper-9.2.2-150700.1.4 updated - qemu-img-9.2.2-150700.1.4 updated - libgio-2_0-0-2.78.6-150600.4.11.1 updated - glib2-tools-2.78.6-150600.4.11.1 updated - qemu-tools-9.2.2-150700.1.4 updated - util-linux-systemd-2.40.4-150700.2.4 updated - libvirt-libs-11.0.0-150700.2.3 updated - wicked-0.6.78-150700.1.4 updated - wicked-service-0.6.78-150700.1.4 updated - dracut-059+suse.562.g5ab4efaa-150700.1.11 updated - supermin-5.3.5-150700.2.8 updated - rdma-core-54.0-150700.1.9 updated - dracut-fips-059+suse.562.g5ab4efaa-150700.1.11 updated - libibverbs1-54.0-150700.1.9 updated - libmlx5-1-54.0-150700.1.9 updated - libosinfo-1_0-0-1.12.0-150700.1.4 updated - libosinfo-1.12.0-150700.1.4 updated - libmlx4-1-54.0-150700.1.9 updated - libmana1-54.0-150700.1.9 updated - libhns1-54.0-150700.1.9 updated - libefa1-54.0-150700.1.9 updated - libibverbs-54.0-150700.1.9 updated - librdmacm1-54.0-150700.1.9 updated - qemu-x86-9.2.2-150700.1.4 updated - qemu-9.2.2-150700.1.4 updated - qemu-ovmf-x86_64-202408-150700.1.3 updated - libguestfs0-1.55.6-150700.1.7 updated - libguestfs-devel-1.55.6-150700.1.7 updated - libguestfs-appliance-1.55.6-150700.1.7 updated - libguestfs-1.55.6-150700.1.7 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:26:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:26:53 +0200 (CEST) Subject: SUSE-CU-2025:3428-1: Security update of suse/sles/15.7/virt-operator Message-ID: <20250515072653.E4F6AFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3428-1 Container Tags : suse/sles/15.7/virt-operator:1.5.0 , suse/sles/15.7/virt-operator:1.5.0-150700.1.3 , suse/sles/15.7/virt-operator:1.5.0.27.139 Container Release : 27.139 Severity : important Type : security References : 1232234 1234128 1234713 1239883 1240414 CVE-2024-10041 CVE-2025-31115 ----------------------------------------------------------------- The container suse/sles/15.7/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1137-1 Released: Thu Apr 3 17:11:02 2025 Summary: Security update for xz Type: security Severity: important References: 1240414,CVE-2025-31115 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1198-1 Released: Fri Apr 11 09:46:09 2025 Summary: Recommended update for glibc Type: recommended Severity: important References: 1234128,1234713,1239883 This update for glibc fixes the following issues: - Fix the lost wakeup from a bug in signal stealing (bsc#1234128) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Bump minimal kernel version to 4.3 to enable use of direct socketcalls on x86-32 and s390x (bsc#1234713) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) The following package changes have been done: - glibc-2.38-150600.14.29.1 updated - liblzma5-5.4.1-150600.3.3.1 updated - libopenssl3-3.2.3-150700.3.20 updated - grep-3.11-150700.1.8 updated - libopenssl-3-fips-provider-3.2.3-150700.3.20 updated - permissions-20240826-150700.14.4 updated - pam-1.3.0-150000.6.76.1 updated - kubevirt-virt-operator-1.5.0-150700.1.3 updated - container:sles15-image-15.7.0-3.68 updated From sle-container-updates at lists.suse.com Thu May 15 07:28:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 09:28:48 +0200 (CEST) Subject: SUSE-CU-2025:3436-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250515072848.B137BFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3436-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.23 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.23 Severity : moderate Type : security References : 1241678 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1549-1 Released: Wed May 14 11:06:26 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1241678,CVE-2024-10041 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) The following package changes have been done: - libapparmor1-3.0.4-150400.5.18.1 updated From sle-container-updates at lists.suse.com Thu May 15 13:45:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 15:45:38 +0200 (CEST) Subject: SUSE-IU-2025:1340-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250515134538.26E5AF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1340-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.35 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.35 Severity : moderate Type : recommended References : 1228246 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 110 Released: Thu May 15 11:48:30 2025 Summary: Recommended update for sysstat Type: recommended Severity: moderate References: 1228246 This update for sysstat fixes the following issues: - Updated the diff file to use flock to create the lockfile. Using lockfile would require additional SELinux permissions.(bsc#1228246) The following package changes have been done: - sysstat-12.6.2-slfo.1.1_2.1 updated From sle-container-updates at lists.suse.com Thu May 15 14:11:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 May 2025 16:11:37 +0200 (CEST) Subject: SUSE-CU-2025:3436-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250515141137.329FBFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3436-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.23 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.23 Severity : moderate Type : security References : 1241678 CVE-2024-10041 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1549-1 Released: Wed May 14 11:06:26 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1241678,CVE-2024-10041 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) The following package changes have been done: - libapparmor1-3.0.4-150400.5.18.1 updated From sle-container-updates at lists.suse.com Fri May 16 07:05:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 May 2025 09:05:35 +0200 (CEST) Subject: SUSE-IU-2025:1343-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250516070535.9CBBEFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1343-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.36 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 4.36 Severity : important Type : security References : 1238700 1239335 CVE-2025-22869 CVE-2025-22870 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 111 Released: Thu May 15 19:45:43 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to v1.7.2: * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239335) * Label Templates: add IP addresses to the Network variables (#885, #894) * Fixed generation of already present resources (#892, #893) The following package changes have been done: - elemental-register-1.7.2-slfo.1.1_1.1 updated - elemental-support-1.7.2-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.35 updated From sle-container-updates at lists.suse.com Fri May 16 07:05:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 May 2025 09:05:52 +0200 (CEST) Subject: SUSE-IU-2025:1344-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250516070552.03BD0FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1344-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.35 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.35 Severity : important Type : security References : 1238700 1239335 CVE-2025-22869 CVE-2025-22870 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 111 Released: Thu May 15 19:45:43 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to v1.7.2: * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239335) * Label Templates: add IP addresses to the Network variables (#885, #894) * Fixed generation of already present resources (#892, #893) The following package changes have been done: - elemental-register-1.7.2-slfo.1.1_1.1 updated - elemental-support-1.7.2-slfo.1.1_1.1 updated From sle-container-updates at lists.suse.com Fri May 16 07:06:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 May 2025 09:06:08 +0200 (CEST) Subject: SUSE-IU-2025:1345-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250516070608.6CB87FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1345-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.34 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.34 Severity : important Type : security References : 1238700 1239335 CVE-2025-22869 CVE-2025-22870 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 111 Released: Thu May 15 19:45:43 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to v1.7.2: * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239335) * Label Templates: add IP addresses to the Network variables (#885, #894) * Fixed generation of already present resources (#892, #893) The following package changes have been done: - elemental-register-1.7.2-slfo.1.1_1.1 updated - elemental-support-1.7.2-slfo.1.1_1.1 updated - container:SL-Micro-base-container-2.2.0-4.35 updated From sle-container-updates at lists.suse.com Fri May 16 07:06:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 May 2025 09:06:27 +0200 (CEST) Subject: SUSE-IU-2025:1346-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250516070627.9CAE4FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1346-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.38 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.38 Severity : important Type : security References : 1238700 1239335 CVE-2025-22869 CVE-2025-22870 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 111 Released: Thu May 15 19:45:43 2025 Summary: Security update for elemental-operator Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-operator fixes the following issues: - Updated to v1.7.2: * Updated header year * CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239335) * Label Templates: add IP addresses to the Network variables (#885, #894) * Fixed generation of already present resources (#892, #893) The following package changes have been done: - elemental-register-1.7.2-slfo.1.1_1.1 updated - elemental-support-1.7.2-slfo.1.1_1.1 updated - container:SL-Micro-container-2.2.0-4.36 updated From sle-container-updates at lists.suse.com Fri May 16 07:07:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 May 2025 09:07:44 +0200 (CEST) Subject: SUSE-CU-2025:3484-1: Recommended update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250516070744.4FF86FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3484-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.84 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.84 Severity : moderate Type : recommended References : 1234798 1240009 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1558-1 Released: Thu May 15 13:15:02 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1234798,1240009 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798) - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 The following package changes have been done: - ca-certificates-mozilla-2.74-12.51.1 updated From sle-container-updates at lists.suse.com Fri May 16 14:03:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 May 2025 16:03:33 +0200 (CEST) Subject: SUSE-IU-2025:1353-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250516140333.774A0FD12@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1353-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.25 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.25 Severity : important Type : recommended References : 1235751 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 322 Released: Fri May 16 08:44:23 2025 Summary: Recommended update for vim Type: recommended Severity: important References: 1235751 This update for vim fixes the following issues: - Introduce patch to fix bsc#1235751 (regression). - Update to 9.1.1176. Changes: * 9.1.1176: wrong indent when expanding multiple lines * 9.1.1175: inconsistent behaviour with exclusive selection and motion commands * 9.1.1174: tests: Test_complete_cmdline() may fail * 9.1.1173: filetype: ABNF files are not detected * 9.1.1172: [security]: overflow with 'nostartofline' and Ex command in tag file * 9.1.1171: tests: wrong arguments passed to assert_equal() * 9.1.1170: wildmenu highlighting in popup can be improved * 9.1.1169: using global variable for get_insert()/get_lambda_name() * 9.1.1168: wrong flags passed down to nextwild() * 9.1.1167: mark '] wrong after copying text object * 9.1.1166: command-line auto-completion hard with wildmenu * 9.1.1165: diff: regression with multi-file diff blocks * 9.1.1164: [security]: code execution with tar.vim and special crafted tar files * 9.1.1163: $MYVIMDIR is set too late * 9.1.1162: completion popup not cleared in cmdline * 9.1.1161: preinsert requires bot 'menu' and 'menuone' to be set * 9.1.1160: Ctrl-Y does not work well with 'preinsert' when completing items * 9.1.1159: $MYVIMDIR may not always be set * 9.1.1158: :verbose set has wrong file name with :compiler! * 9.1.1157: command completion wrong for input() * 9.1.1156: tests: No test for what patch 9.1.1152 fixes * 9.1.1155: Mode message not cleared after :silent message * 9.1.1154: Vim9: not able to use autoload class accross scripts * 9.1.1153: build error on Haiku * 9.1.1152: Patch v9.1.1151 causes problems * 9.1.1151: too many strlen() calls in getchar.c * 9.1.1150: :hi completion may complete to wrong value * 9.1.1149: Unix Makefile does not support Brazilian lang for the installer * 9.1.1148: Vim9: finding imported scripts can be further improved * 9.1.1147: preview-window does not scroll correctly * 9.1.1146: Vim9: wrong context being used when evaluating class member * 9.1.1145: multi-line completion has wrong indentation for last line * 9.1.1144: no way to create raw strings from a blob * 9.1.1143: illegal memory access when putting a register * 9.1.1142: tests: test_startup fails if $HOME/$XDG_CONFIG_HOME is defined * 9.1.1141: Misplaced comment in readfile() * 9.1.1140: filetype: m17ndb files are not detected * 9.1.1139: [fifo] is not displayed when editing a fifo * 9.1.1138: cmdline completion for :hi is too simplistic * 9.1.1137: ins_str() is inefficient by calling STRLEN() * 9.1.1136: Match highlighting marks a buffer region as changed * 9.1.1135: 'suffixesadd' doesn't work with multiple items * 9.1.1134: filetype: Guile init file not recognized * 9.1.1133: filetype: xkb files not recognized everywhere * 9.1.1132: Mark positions wrong after triggering multiline completion * 9.1.1131: potential out-of-memory issue in search.c * 9.1.1130: 'listchars' 'precedes' is not drawn on Tabs. * 9.1.1129: missing out-of-memory test in buf_write() * 9.1.1128: patch 9.1.1119 caused a regression with imports * 9.1.1127: preinsert text is not cleaned up correctly * 9.1.1126: patch 9.1.1121 used a wrong way to handle enter * 9.1.1125: cannot loop through pum menu with multiline items * 9.1.1124: No test for 'listchars' 'precedes' with double-width char * 9.1.1123: popup hi groups not falling back to defaults * 9.1.1122: too many strlen() calls in findfile.c * 9.1.1121: Enter does not insert newline with 'noselect' * 9.1.1120: tests: Test_registers fails * 9.1.1119: Vim9: Not able to use an autoloaded class from another autoloaded script * 9.1.1118: tests: test_termcodes fails * 9.1.1117: there are a few minor style issues * 9.1.1116: Vim9: super not supported in lambda expressions * 9.1.1115: [security]: use-after-free in str_to_reg() * 9.1.1114: enabling termguicolors automatically confuses users * 9.1.1113: tests: Test_terminal_builtin_without_gui waits 2 seconds * 9.1.1112: Inconsistencies in get_next_or_prev_match() * 9.1.1111: Vim9: variable not found in transitive import * 9.1.1110: Vim tests are slow and flaky * 9.1.1109: cmdexpand.c hard to read * 9.1.1108: 'smoothscroll' gets stuck with 'listchars' 'eol' * 9.1.1107: cannot loop through completion menu with fuzzy * 9.1.1106: tests: Test_log_nonexistent() causes asan failure * 9.1.1105: Vim9: no support for protected new() method * 9.1.1104: CI: using Ubuntu 22.04 Github runners * 9.1.1103: if_perl: still some compile errors with Perl 5.38 * 9.1.1102: tests: Test_WinScrolled_Resized_eiw() uses wrong filename The following package changes have been done: - vim-data-common-9.1.1176-1.1 updated - vim-small-9.1.1176-1.1 updated From sle-container-updates at lists.suse.com Sat May 17 07:02:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 17 May 2025 09:02:32 +0200 (CEST) Subject: SUSE-IU-2025:1358-1: Security update of suse-sles-15-sp6-chost-byos-v20250514-x86_64-gen2 Message-ID: <20250517070232.AE4CCFD12@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250514-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1358-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250514-x86_64-gen2:20250514 Image Release : Severity : important Type : security References : 1232234 1239680 1239749 1241020 1241078 1241189 1241453 1241551 CVE-2024-10041 CVE-2024-40635 CVE-2025-2312 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3277 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250514-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1345-1 Released: Thu Apr 17 17:14:27 2025 Summary: Security update for containerd Type: security Severity: moderate References: 1239749,CVE-2024-40635 This update for containerd fixes the following issues: - CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) Other fixes: - Update to containerd v1.7.27. ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1381-1 Released: Mon Apr 28 09:37:03 2025 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1239680,CVE-2025-2312 This update for cifs-utils fixes the following issues: - CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials (bsc#1239680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Wed May 7 17:13:32 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - apparmor-abstractions-3.1.7-150600.5.9.1 updated - apparmor-parser-3.1.7-150600.5.9.1 updated - cifs-utils-6.15-150400.3.12.1 updated - containerd-ctr-1.7.27-150000.123.1 updated - containerd-1.7.27-150000.123.1 updated - glib2-tools-2.78.6-150600.4.11.1 updated - glibc-locale-base-2.38-150600.14.29.1 updated - glibc-locale-2.38-150600.14.29.1 updated - glibc-2.38-150600.14.29.1 updated - iproute2-6.4-150600.7.6.1 updated - libapparmor1-3.1.7-150600.5.9.1 updated - libaugeas0-1.14.1-150600.3.3.1 updated - libdevmapper1_03-2.03.22_1.02.196-150600.3.6.1 updated - libfa1-1.14.1-150600.3.3.1 updated - libfreetype6-2.10.4-150000.4.22.1 updated - libgcrypt20-1.10.3-150600.3.6.1 updated - libgio-2_0-0-2.78.6-150600.4.11.1 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libgobject-2_0-0-2.78.6-150600.4.11.1 updated - libopenssl3-3.1.4-150600.5.27.1 updated - libsolv-tools-base-0.7.32-150600.8.10.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated - libxml2-2-2.10.3-150500.5.26.1 updated - libzypp-17.36.7-150600.3.53.1 updated - openssl-3-3.1.4-150600.5.27.1 updated - pam-1.3.0-150000.6.76.1 updated - samba-client-libs-4.19.8+git.422.34307c5a3aa-150600.3.15.1 updated - timezone-2025b-150600.91.6.2 updated - zypper-1.14.89-150600.10.31.1 updated From sle-container-updates at lists.suse.com Sat May 17 07:02:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 17 May 2025 09:02:40 +0200 (CEST) Subject: SUSE-IU-2025:1359-1: Security update of suse-sles-15-sp6-chost-byos-v20250514-hvm-ssd-x86_64 Message-ID: <20250517070240.BD85EFD12@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250514-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1359-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250514-hvm-ssd-x86_64:20250514 Image Release : Severity : important Type : security References : 1232234 1239680 1239749 1241020 1241078 1241189 1241453 1241551 CVE-2024-10041 CVE-2024-40635 CVE-2025-2312 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3277 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20250514-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1345-1 Released: Thu Apr 17 17:14:27 2025 Summary: Security update for containerd Type: security Severity: moderate References: 1239749,CVE-2024-40635 This update for containerd fixes the following issues: - CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) Other fixes: - Update to containerd v1.7.27. ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1381-1 Released: Mon Apr 28 09:37:03 2025 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1239680,CVE-2025-2312 This update for cifs-utils fixes the following issues: - CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials (bsc#1239680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Wed May 7 17:13:32 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - apparmor-abstractions-3.1.7-150600.5.9.1 updated - apparmor-parser-3.1.7-150600.5.9.1 updated - cifs-utils-6.15-150400.3.12.1 updated - containerd-ctr-1.7.27-150000.123.1 updated - containerd-1.7.27-150000.123.1 updated - glib2-tools-2.78.6-150600.4.11.1 updated - glibc-locale-base-2.38-150600.14.29.1 updated - glibc-locale-2.38-150600.14.29.1 updated - glibc-2.38-150600.14.29.1 updated - iproute2-6.4-150600.7.6.1 updated - libapparmor1-3.1.7-150600.5.9.1 updated - libaugeas0-1.14.1-150600.3.3.1 updated - libdevmapper1_03-2.03.22_1.02.196-150600.3.6.1 updated - libfa1-1.14.1-150600.3.3.1 updated - libfreetype6-2.10.4-150000.4.22.1 updated - libgcrypt20-1.10.3-150600.3.6.1 updated - libgio-2_0-0-2.78.6-150600.4.11.1 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libgobject-2_0-0-2.78.6-150600.4.11.1 updated - libopenssl3-3.1.4-150600.5.27.1 updated - libsolv-tools-base-0.7.32-150600.8.10.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated - libxml2-2-2.10.3-150500.5.26.1 updated - libzypp-17.36.7-150600.3.53.1 updated - openssh-server-config-disallow-rootlogin-9.6p1-150600.6.18.4 added - openssl-3-3.1.4-150600.5.27.1 updated - pam-1.3.0-150000.6.76.1 updated - samba-client-libs-4.19.8+git.422.34307c5a3aa-150600.3.15.1 updated - timezone-2025b-150600.91.6.2 updated - zypper-1.14.89-150600.10.31.1 updated From sle-container-updates at lists.suse.com Sat May 17 07:02:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 17 May 2025 09:02:56 +0200 (CEST) Subject: SUSE-IU-2025:1360-1: Security update of sles-15-sp6-chost-byos-v20250514-arm64 Message-ID: <20250517070256.152A7FD12@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20250514-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1360-1 Image Tags : sles-15-sp6-chost-byos-v20250514-arm64:20250514 Image Release : Severity : important Type : security References : 1232234 1239680 1239749 1241020 1241078 1241189 1241453 1241551 CVE-2024-10041 CVE-2024-40635 CVE-2025-2312 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3277 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20250514-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1291-1 Released: Wed Apr 16 09:41:51 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1345-1 Released: Thu Apr 17 17:14:27 2025 Summary: Security update for containerd Type: security Severity: moderate References: 1239749,CVE-2024-40635 This update for containerd fixes the following issues: - CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) Other fixes: - Update to containerd v1.7.27. ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1381-1 Released: Mon Apr 28 09:37:03 2025 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1239680,CVE-2025-2312 This update for cifs-utils fixes the following issues: - CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials (bsc#1239680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Wed May 7 17:13:32 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) The following package changes have been done: - apparmor-abstractions-3.1.7-150600.5.9.1 updated - apparmor-parser-3.1.7-150600.5.9.1 updated - cifs-utils-6.15-150400.3.12.1 updated - containerd-ctr-1.7.27-150000.123.1 updated - containerd-1.7.27-150000.123.1 updated - glib2-tools-2.78.6-150600.4.11.1 updated - glibc-locale-base-2.38-150600.14.29.1 updated - glibc-locale-2.38-150600.14.29.1 updated - glibc-2.38-150600.14.29.1 updated - google-guest-oslogin-20240311.00-150000.1.50.1 updated - iproute2-6.4-150600.7.6.1 updated - libapparmor1-3.1.7-150600.5.9.1 updated - libaugeas0-1.14.1-150600.3.3.1 updated - libdevmapper1_03-2.03.22_1.02.196-150600.3.6.1 updated - libfa1-1.14.1-150600.3.3.1 updated - libfreetype6-2.10.4-150000.4.22.1 updated - libgcrypt20-1.10.3-150600.3.6.1 updated - libgio-2_0-0-2.78.6-150600.4.11.1 updated - libglib-2_0-0-2.78.6-150600.4.11.1 updated - libgmodule-2_0-0-2.78.6-150600.4.11.1 updated - libgobject-2_0-0-2.78.6-150600.4.11.1 updated - libopenssl3-3.1.4-150600.5.27.1 updated - libsolv-tools-base-0.7.32-150600.8.10.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated - libxml2-2-2.10.3-150500.5.26.1 updated - libzypp-17.36.7-150600.3.53.1 updated - nvme-cli-2.8+88.g21612f53-150600.3.15.1 updated - openssh-server-config-disallow-rootlogin-9.6p1-150600.6.18.4 added - openssl-3-3.1.4-150600.5.27.1 updated - pam-1.3.0-150000.6.76.1 updated - samba-client-libs-4.19.8+git.422.34307c5a3aa-150600.3.15.1 updated - timezone-2025b-150600.91.6.2 updated - zypper-1.14.89-150600.10.31.1 updated From sle-container-updates at lists.suse.com Mon May 19 13:20:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 19 May 2025 15:20:36 +0200 (CEST) Subject: SUSE-IU-2025:1365-1: Security update of suse/sle-micro/5.5 Message-ID: <20250519132036.DC0B9FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1365-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.293 , suse/sle-micro/5.5:latest Image Release : 5.5.293 Severity : moderate Type : security References : 1228634 1232533 1241012 1241045 CVE-2025-32728 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1576-1 Released: Mon May 19 06:48:35 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1228634,1232533,1241012,1241045,CVE-2025-32728 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533) The following package changes have been done: - openssh-common-8.4p1-150300.3.49.1 updated - openssh-server-8.4p1-150300.3.49.1 updated - openssh-clients-8.4p1-150300.3.49.1 updated - openssh-8.4p1-150300.3.49.1 updated From sle-container-updates at lists.suse.com Mon May 19 13:29:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 19 May 2025 15:29:14 +0200 (CEST) Subject: SUSE-CU-2025:3525-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250519132914.B6C1BFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3525-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.81 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.81 , suse/ltss/sle15.3/sle15:latest Container Release : 2.81 Severity : moderate Type : recommended References : 1173375 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.1-150000.4.62.1 updated From sle-container-updates at lists.suse.com Mon May 19 13:30:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 19 May 2025 15:30:01 +0200 (CEST) Subject: SUSE-CU-2025:3526-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250519133001.3119AFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3526-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.40 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.40 , suse/ltss/sle15.4/sle15:latest Container Release : 2.40 Severity : moderate Type : recommended References : 1173375 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.1-150000.4.62.1 updated From sle-container-updates at lists.suse.com Mon May 19 13:32:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 19 May 2025 15:32:42 +0200 (CEST) Subject: SUSE-CU-2025:3527-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250519133242.8B790FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3527-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.30 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.30 , suse/ltss/sle15.5/sle15:latest Container Release : 4.30 Severity : moderate Type : recommended References : 1173375 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.1-150000.4.62.1 updated From sle-container-updates at lists.suse.com Mon May 19 13:34:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 19 May 2025 15:34:35 +0200 (CEST) Subject: SUSE-CU-2025:3528-1: Recommended update of suse/sle15 Message-ID: <20250519133435.0A9ECFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3528-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.39 , suse/sle15:15.6 , suse/sle15:15.6.47.20.39 Container Release : 47.20.39 Severity : moderate Type : recommended References : 1173375 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.1-150000.4.62.1 updated From sle-container-updates at lists.suse.com Mon May 19 13:36:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 19 May 2025 15:36:21 +0200 (CEST) Subject: SUSE-CU-2025:3531-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20250519133621.67651FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3531-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.15 , suse/manager/4.3/proxy-ssh:4.3.15.9.53.16 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.53.16 Severity : moderate Type : security References : 1228634 1232533 1241012 1241045 CVE-2025-32728 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1576-1 Released: Mon May 19 06:48:35 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1228634,1232533,1241012,1241045,CVE-2025-32728 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533) The following package changes have been done: - openssh-common-8.4p1-150300.3.49.1 updated - openssh-fips-8.4p1-150300.3.49.1 updated - openssh-server-8.4p1-150300.3.49.1 updated - openssh-clients-8.4p1-150300.3.49.1 updated - openssh-8.4p1-150300.3.49.1 updated From sle-container-updates at lists.suse.com Wed May 21 07:04:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:04:24 +0200 (CEST) Subject: SUSE-IU-2025:1367-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250521070424.3D528FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1367-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.171 , suse/sle-micro/base-5.5:latest Image Release : 5.8.171 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.20.1 updated - libgobject-2_0-0-2.70.5-150400.3.20.1 updated - libgmodule-2_0-0-2.70.5-150400.3.20.1 updated - libgio-2_0-0-2.70.5-150400.3.20.1 updated - glib2-tools-2.70.5-150400.3.20.1 updated From sle-container-updates at lists.suse.com Wed May 21 07:06:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:06:16 +0200 (CEST) Subject: SUSE-IU-2025:1369-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250521070616.4D9A6FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1369-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.387 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.387 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.20.1 updated - libgobject-2_0-0-2.70.5-150400.3.20.1 updated - libgmodule-2_0-0-2.70.5-150400.3.20.1 updated - libgio-2_0-0-2.70.5-150400.3.20.1 updated - glib2-tools-2.70.5-150400.3.20.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.295 updated From sle-container-updates at lists.suse.com Wed May 21 07:07:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:07:22 +0200 (CEST) Subject: SUSE-IU-2025:1370-1: Security update of suse/sle-micro/5.5 Message-ID: <20250521070722.2E392FD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1370-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.295 , suse/sle-micro/5.5:latest Image Release : 5.5.295 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.20.1 updated - libgobject-2_0-0-2.70.5-150400.3.20.1 updated - libgmodule-2_0-0-2.70.5-150400.3.20.1 updated - libgio-2_0-0-2.70.5-150400.3.20.1 updated - glib2-tools-2.70.5-150400.3.20.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.171 updated From sle-container-updates at lists.suse.com Wed May 21 07:05:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:05:07 +0200 (CEST) Subject: SUSE-IU-2025:1368-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250521070507.C0454FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1368-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.326 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.326 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.20.1 updated - libgobject-2_0-0-2.70.5-150400.3.20.1 updated - libgmodule-2_0-0-2.70.5-150400.3.20.1 updated - libgio-2_0-0-2.70.5-150400.3.20.1 updated - glib2-tools-2.70.5-150400.3.20.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.171 updated From sle-container-updates at lists.suse.com Wed May 21 07:13:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:13:50 +0200 (CEST) Subject: SUSE-CU-2025:3538-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250521071350.BDA59F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3538-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.131 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.131 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.20.1 updated - libgmodule-2_0-0-2.70.5-150400.3.20.1 updated From sle-container-updates at lists.suse.com Wed May 21 07:17:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:17:44 +0200 (CEST) Subject: SUSE-CU-2025:3540-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250521071744.3B63FF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3540-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.131 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.131 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.20.1 updated - libgmodule-2_0-0-2.70.5-150400.3.20.1 updated From sle-container-updates at lists.suse.com Wed May 21 07:18:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:18:54 +0200 (CEST) Subject: SUSE-CU-2025:3541-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250521071854.0DA4AF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3541-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.34 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.34 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.20.1 updated - libgmodule-2_0-0-2.70.5-150400.3.20.1 updated From sle-container-updates at lists.suse.com Wed May 21 07:19:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:19:16 +0200 (CEST) Subject: SUSE-IU-2025:1371-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250521071916.CD1A1F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1371-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-5.2 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 5.2 Severity : important Type : recommended References : 1224868 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 113 Released: Tue May 20 10:06:33 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). The following package changes have been done: - libnm0-1.42.6-slfo.1.1_2.1 updated - NetworkManager-1.42.6-slfo.1.1_2.1 updated - libauparse0-3.1.1-slfo.1.1_1.3 added - checkpolicy-3.5-slfo.1.1_1.2 added - libmpdec3-2.5.1-slfo.1.1_1.4 added - update-alternatives-1.22.0-slfo.1.1_1.4 added - python311-base-3.11.8-slfo.1.1_3.12 added - libpython3_11-1_0-3.11.8-slfo.1.1_3.12 added - python311-3.11.8-slfo.1.1_3.3 added - python311-setuptools-70.0.0-slfo.1.1_1.2 added - python311-semanage-3.5-slfo.1.1_1.2 added - python3-selinux-3.5-slfo.1.1_1.2 added - python3-audit-3.1.1-slfo.1.1_1.2 added - NetworkManager-wwan-1.42.6-slfo.1.1_2.1 updated - python311-setools-4.4.3-slfo.1.1_1.2 added - python3-policycoreutils-3.5-slfo.1.1_1.5 added - policycoreutils-python-utils-3.5-slfo.1.1_1.5 added - container:SL-Micro-base-container-2.2.0-4.36 updated From sle-container-updates at lists.suse.com Wed May 21 07:19:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:19:36 +0200 (CEST) Subject: SUSE-IU-2025:1372-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20250521071936.72C97F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1372-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.36 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.36 Severity : important Type : recommended References : 1224868 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 113 Released: Tue May 20 10:06:33 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). The following package changes have been done: - libnm0-1.42.6-slfo.1.1_2.1 updated - NetworkManager-1.42.6-slfo.1.1_2.1 updated From sle-container-updates at lists.suse.com Wed May 21 07:19:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:19:56 +0200 (CEST) Subject: SUSE-IU-2025:1373-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250521071956.63136F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1373-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.35 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.35 Severity : important Type : recommended References : 1224868 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 113 Released: Tue May 20 10:06:33 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). The following package changes have been done: - libnm0-1.42.6-slfo.1.1_2.1 updated - NetworkManager-1.42.6-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.0-4.36 updated From sle-container-updates at lists.suse.com Wed May 21 07:20:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:20:19 +0200 (CEST) Subject: SUSE-IU-2025:1374-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250521072019.45354F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1374-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.40 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.40 Severity : important Type : recommended References : 1224868 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 113 Released: Tue May 20 10:06:33 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). The following package changes have been done: - libnm0-1.42.6-slfo.1.1_2.1 updated - NetworkManager-1.42.6-slfo.1.1_2.1 updated - container:SL-Micro-container-2.2.0-5.2 updated From sle-container-updates at lists.suse.com Wed May 21 07:23:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:23:48 +0200 (CEST) Subject: SUSE-CU-2025:3548-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20250521072348.9A07BF783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3548-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.42 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.42 , suse/ltss/sle15.4/sle15:latest Container Release : 2.42 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - container-suseconnect-2.5.0-150000.4.58.1 updated - libglib-2_0-0-2.70.5-150400.3.20.1 updated From sle-container-updates at lists.suse.com Wed May 21 07:26:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:26:51 +0200 (CEST) Subject: SUSE-CU-2025:3549-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250521072651.436EBF783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3549-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.32 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.32 , suse/ltss/sle15.5/sle15:latest Container Release : 4.32 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - container-suseconnect-2.5.0-150000.4.58.1 updated - libglib-2_0-0-2.70.5-150400.3.20.1 updated From sle-container-updates at lists.suse.com Wed May 21 07:31:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:31:21 +0200 (CEST) Subject: SUSE-CU-2025:3557-1: Security update of suse/helm Message-ID: <20250521073121.B40A4F783@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3557-1 Container Tags : suse/helm:3 , suse/helm:3.17 , suse/helm:3.17.3 , suse/helm:3.17.3-39.7 , suse/helm:latest Container Release : 39.7 Severity : moderate Type : security References : ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1596-1 Released: Tue May 20 09:55:02 2025 Summary: Security update for helm Type: security Severity: moderate References: This update for helm fixes the following issues: help was updated to version 3.17.3: Helm v3.17.3 is a security (patch) release. Users are strongly recommended to update to this release. * Changelog - Unarchiving fix e4da497 (Matt Farina) The following package changes have been done: - helm-3.17.3-150000.1.47.1 updated From sle-container-updates at lists.suse.com Wed May 21 07:34:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:34:41 +0200 (CEST) Subject: SUSE-CU-2025:3563-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20250521073441.7A273F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3563-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.25 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.25 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libgmodule-2_0-0-2.70.5-150400.3.20.1 updated - libgobject-2_0-0-2.70.5-150400.3.20.1 updated - libgio-2_0-0-2.70.5-150400.3.20.1 updated - glib2-tools-2.70.5-150400.3.20.1 updated - container:sles15-ltss-image-15.4.0-2.40 updated From sle-container-updates at lists.suse.com Wed May 21 07:35:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 09:35:35 +0200 (CEST) Subject: SUSE-CU-2025:3566-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250521073535.5F410F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3566-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.32 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.32 Severity : moderate Type : security References : 1240897 CVE-2025-3360 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1599-1 Released: Tue May 20 12:52:43 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.20.1 updated - container:sles15-ltss-image-15.4.0-2.42 updated From sle-container-updates at lists.suse.com Wed May 21 15:28:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 17:28:26 +0200 (CEST) Subject: SUSE-CU-2025:3574-1: Security update of suse/sl-micro/6.0/base-iso-image Message-ID: <20250521152826.4E8EAF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/base-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3574-1 Container Tags : suse/sl-micro/6.0/base-iso-image:2.1.4 , suse/sl-micro/6.0/base-iso-image:2.1.4-5.27 , suse/sl-micro/6.0/base-iso-image:latest Container Release : 5.27 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:SL-Micro-base-container-2.1.3-6.29 updated - container:SL-Micro-container-2.1.3-6.29 updated From sle-container-updates at lists.suse.com Wed May 21 15:28:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 17:28:57 +0200 (CEST) Subject: SUSE-CU-2025:3575-1: Security update of suse/sl-micro/6.0/kvm-iso-image Message-ID: <20250521152857.BC7C2F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/kvm-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3575-1 Container Tags : suse/sl-micro/6.0/kvm-iso-image:2.1.4 , suse/sl-micro/6.0/kvm-iso-image:2.1.4-6.28 , suse/sl-micro/6.0/kvm-iso-image:latest Container Release : 6.28 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:SL-Micro-kvm-container-2.1.3-6.29 updated - container:SL-Micro-container-2.1.3-6.29 updated From sle-container-updates at lists.suse.com Wed May 21 15:29:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 May 2025 17:29:22 +0200 (CEST) Subject: SUSE-IU-2025:1378-1: Security update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250521152922.66A0EF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1378-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-5.3 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 5.3 Severity : moderate Type : security References : 1214960 1230092 CVE-2024-45310 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 115 Released: Wed May 21 13:12:02 2025 Summary: Security update for runc Type: security Severity: moderate References: 1214960,1230092,CVE-2024-45310 This update for runc fixes the following issues: Update to runc v1.2.6. Upstream changelog is available from . Update to runc v1.2.0~rc3. Upstream changelog is available from . - CVE-2024-45310: Fixed that runc can be tricked into creating empty files/directories on host (bsc#1230092) The following package changes have been done: - runc-1.2.6-slfo.1.1_1.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:05:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:05:44 +0200 (CEST) Subject: SUSE-IU-2025:1381-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250522070544.A2CDEFD12@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1381-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.173 , suse/sle-micro/base-5.5:latest Image Release : 5.8.173 Severity : moderate Type : recommended References : 1237230 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:05:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:05:43 +0200 (CEST) Subject: SUSE-IU-2025:1380-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250522070543.C1064FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1380-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.172 , suse/sle-micro/base-5.5:latest Image Release : 5.8.172 Severity : important Type : security References : 1054914 1206843 1210409 1222044 1225903 1229361 1229621 1230267 1230764 1231103 1231910 1235598 1235958 1235971 1236777 1237172 1237587 1237949 1237981 1238032 1238315 1238471 1238512 1238747 1238865 1239061 1239651 1239684 1239809 1239968 1240209 1240211 1240214 1240228 1240230 1240246 1240248 1240269 1240271 1240274 1240285 1240295 1240306 1240314 1240315 1240321 1240529 1240747 1240835 1241280 1241371 1241421 1241433 1241541 1241625 1241648 1242284 1242493 1242778 CVE-2021-47671 CVE-2022-48933 CVE-2022-49110 CVE-2022-49139 CVE-2022-49741 CVE-2022-49745 CVE-2022-49767 CVE-2023-52928 CVE-2023-52931 CVE-2023-52936 CVE-2023-52937 CVE-2023-52938 CVE-2023-52981 CVE-2023-52982 CVE-2023-52986 CVE-2023-52994 CVE-2023-53001 CVE-2023-53002 CVE-2023-53009 CVE-2023-53014 CVE-2023-53018 CVE-2023-53031 CVE-2023-53051 CVE-2024-42307 CVE-2024-46763 CVE-2024-46865 CVE-2024-50038 CVE-2025-21726 CVE-2025-21785 CVE-2025-21791 CVE-2025-21812 CVE-2025-21839 CVE-2025-22004 CVE-2025-22020 CVE-2025-22045 CVE-2025-22055 CVE-2025-22097 CVE-2025-2312 CVE-2025-23138 CVE-2025-39735 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1620-1 Released: Wed May 21 11:58:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1054914,1206843,1210409,1225903,1229361,1229621,1230764,1231103,1231910,1236777,1237981,1238032,1238471,1238512,1238747,1238865,1239061,1239684,1239968,1240209,1240211,1240214,1240228,1240230,1240246,1240248,1240269,1240271,1240274,1240285,1240295,1240306,1240314,1240315,1240321,1240747,1240835,1241280,1241371,1241421,1241433,1241541,1241625,1241648,1242284,1242493,1242778,CVE-2021-47671,CVE-2022-48933,CVE-2022-49110,CVE-2022-49139,CVE-2022-49741,CVE-2022-49745,CVE-2022-49767,CVE-2023-52928,CVE-2023-52931,CVE-2023-52936,CVE-2023-52937,CVE-2023-52938,CVE-2023-52981,CVE-2023-52982,CVE-2023-52986,CVE-2023-52994,CVE-2023-53001,CVE-2023-53002,CVE-2023-53009,CVE-2023-53014,CVE-2023-53018,CVE-2023-53031,CVE-2023-53051,CVE-2024-42307,CVE-2024-46763,CVE-2024-46865,CVE-2024-50038,CVE-2025-21726,CVE-2025-21785,CVE-2025-21791,CVE-2025-21812,CVE-2025-21839,CVE-2025-22004,CVE-2025-22020,CVE-2025-22045,CVE-2025-22055,CVE-2025-22097,CVE-2025-2312,CVE-2025-23138,CVE-2025-39735 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621). - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764). - CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910). - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625). The following non-security bugs were fixed: - cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777). - cpufreq: Allow drivers to advertise boost enabled (bsc#1236777). - cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777). - cpufreq: Support per-policy performance boost (bsc#1236777). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1626-1 Released: Wed May 21 12:00:29 2025 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1235958,1235971,1239651 This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z. Note: the signing key of x86 / x86_64 and aarch64 architectures are unchanged. Also the following issue was fixed: - Fix segmentation fault error in grub2-probe with target=hints_string (bsc#1235971) (bsc#1235958) (bsc#1239651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1643-1 Released: Wed May 21 16:32:37 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - grub2-2.06-150500.29.50.1 updated - grub2-i386-pc-2.06-150500.29.50.1 updated - kernel-default-5.14.21-150500.55.103.1 updated - grub2-x86_64-efi-2.06-150500.29.50.1 updated - libsolv-tools-base-0.7.32-150500.6.8.1 updated - libsolv-tools-0.7.32-150500.6.8.1 updated - libzypp-17.36.7-150500.6.45.1 updated - zypper-1.14.89-150500.6.29.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:06:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:06:27 +0200 (CEST) Subject: SUSE-IU-2025:1382-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250522070627.521D6FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1382-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.328 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.328 Severity : important Type : security References : 1054914 1206843 1210409 1225903 1229361 1229621 1230764 1231103 1231910 1236777 1237981 1238032 1238471 1238512 1238747 1238865 1239061 1239684 1239968 1240209 1240211 1240214 1240228 1240230 1240246 1240248 1240269 1240271 1240274 1240285 1240295 1240306 1240314 1240315 1240321 1240747 1240835 1241280 1241371 1241421 1241433 1241541 1241625 1241648 1242284 1242493 1242778 CVE-2021-47671 CVE-2022-48933 CVE-2022-49110 CVE-2022-49139 CVE-2022-49741 CVE-2022-49745 CVE-2022-49767 CVE-2023-52928 CVE-2023-52931 CVE-2023-52936 CVE-2023-52937 CVE-2023-52938 CVE-2023-52981 CVE-2023-52982 CVE-2023-52986 CVE-2023-52994 CVE-2023-53001 CVE-2023-53002 CVE-2023-53009 CVE-2023-53014 CVE-2023-53018 CVE-2023-53031 CVE-2023-53051 CVE-2024-42307 CVE-2024-46763 CVE-2024-46865 CVE-2024-50038 CVE-2025-21726 CVE-2025-21785 CVE-2025-21791 CVE-2025-21812 CVE-2025-21839 CVE-2025-22004 CVE-2025-22020 CVE-2025-22045 CVE-2025-22055 CVE-2025-22097 CVE-2025-2312 CVE-2025-23138 CVE-2025-39735 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1620-1 Released: Wed May 21 11:58:41 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1054914,1206843,1210409,1225903,1229361,1229621,1230764,1231103,1231910,1236777,1237981,1238032,1238471,1238512,1238747,1238865,1239061,1239684,1239968,1240209,1240211,1240214,1240228,1240230,1240246,1240248,1240269,1240271,1240274,1240285,1240295,1240306,1240314,1240315,1240321,1240747,1240835,1241280,1241371,1241421,1241433,1241541,1241625,1241648,1242284,1242493,1242778,CVE-2021-47671,CVE-2022-48933,CVE-2022-49110,CVE-2022-49139,CVE-2022-49741,CVE-2022-49745,CVE-2022-49767,CVE-2023-52928,CVE-2023-52931,CVE-2023-52936,CVE-2023-52937,CVE-2023-52938,CVE-2023-52981,CVE-2023-52982,CVE-2023-52986,CVE-2023-52994,CVE-2023-53001,CVE-2023-53002,CVE-2023-53009,CVE-2023-53014,CVE-2023-53018,CVE-2023-53031,CVE-2023-53051,CVE-2024-42307,CVE-2024-46763,CVE-2024-46865,CVE-2024-50038,CVE-2025-21726,CVE-2025-21785,CVE-2025-21791,CVE-2025-21812,CVE-2025-21839,CVE-2025-22004,CVE-2025-22020,CVE-2025-22045,CVE-2025-22055,CVE-2025-22097,CVE-2025-2312,CVE-2025-23138,CVE-2025-39735 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621). - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764). - CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910). - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625). The following non-security bugs were fixed: - cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777). - cpufreq: Allow drivers to advertise boost enabled (bsc#1236777). - cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777). - cpufreq: Support per-policy performance boost (bsc#1236777). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). The following package changes have been done: - kernel-default-base-5.14.21-150500.55.103.1.150500.6.49.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.172 updated From sle-container-updates at lists.suse.com Thu May 22 07:06:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:06:28 +0200 (CEST) Subject: SUSE-IU-2025:1383-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250522070628.38141FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1383-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.331 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.331 Severity : moderate Type : recommended References : 1237230 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.173 updated From sle-container-updates at lists.suse.com Thu May 22 07:07:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:07:31 +0200 (CEST) Subject: SUSE-IU-2025:1385-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250522070731.45BCDFD1A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1385-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.392 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.392 Severity : moderate Type : recommended References : 1237230 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.298 updated From sle-container-updates at lists.suse.com Thu May 22 07:07:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:07:30 +0200 (CEST) Subject: SUSE-IU-2025:1384-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250522070730.67787FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1384-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.389 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.389 Severity : important Type : security References : 1054914 1206843 1210409 1225903 1229361 1229621 1230764 1231103 1231910 1236777 1237981 1238032 1238471 1238512 1238747 1238865 1239061 1239684 1239968 1240209 1240211 1240214 1240228 1240230 1240246 1240248 1240269 1240271 1240274 1240285 1240295 1240306 1240314 1240315 1240321 1240747 1240835 1241280 1241371 1241421 1241433 1241541 1241625 1241648 1242284 1242493 1242778 CVE-2021-47671 CVE-2022-48933 CVE-2022-49110 CVE-2022-49139 CVE-2022-49741 CVE-2022-49745 CVE-2022-49767 CVE-2023-52928 CVE-2023-52931 CVE-2023-52936 CVE-2023-52937 CVE-2023-52938 CVE-2023-52981 CVE-2023-52982 CVE-2023-52986 CVE-2023-52994 CVE-2023-53001 CVE-2023-53002 CVE-2023-53009 CVE-2023-53014 CVE-2023-53018 CVE-2023-53031 CVE-2023-53051 CVE-2024-42307 CVE-2024-46763 CVE-2024-46865 CVE-2024-50038 CVE-2025-21726 CVE-2025-21785 CVE-2025-21791 CVE-2025-21812 CVE-2025-21839 CVE-2025-22004 CVE-2025-22020 CVE-2025-22045 CVE-2025-22055 CVE-2025-22097 CVE-2025-2312 CVE-2025-23138 CVE-2025-39735 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1640-1 Released: Wed May 21 13:52:07 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1054914,1206843,1210409,1225903,1229361,1229621,1230764,1231103,1231910,1236777,1237981,1238032,1238471,1238512,1238747,1238865,1239061,1239684,1239968,1240209,1240211,1240214,1240228,1240230,1240246,1240248,1240269,1240271,1240274,1240285,1240295,1240306,1240314,1240315,1240321,1240747,1240835,1241280,1241371,1241421,1241433,1241541,1241625,1241648,1242284,1242493,1242778,CVE-2021-47671,CVE-2022-48933,CVE-2022-49110,CVE-2022-49139,CVE-2022-49741,CVE-2022-49745,CVE-2022-49767,CVE-2023-52928,CVE-2023-52931,CVE-2023-52936,CVE-2023-52937,CVE-2023-52938,CVE-2023-52981,CVE-2023-52982,CVE-2023-52986,CVE-2023-52994,CVE-2023-53001,CVE-2023-53002,CVE-2023-53009,CVE-2023-53014,CVE-2023-53018,CVE-2023-53031,CVE-2023-53051,CVE-2024-42307,CVE-2024-46763,CVE-2024-46865,CVE-2024-50038,CVE-2025-21726,CVE-2025-21785,CVE-2025-21791,CVE-2025-21812,CVE-2025-21839,CVE-2025-22004,CVE-2025-22020,CVE-2025-22045,CVE-2025-22055,CVE-2025-22097,CVE-2025-2312,CVE-2025-23138,CVE-2025-39735 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621). - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981). - CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032). - CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493). - CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764). - CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910). - CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865). - CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625). The following non-security bugs were fixed: - cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777). - cpufreq: Allow drivers to advertise boost enabled (bsc#1236777). - cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777). - cpufreq: Support per-policy performance boost (bsc#1236777). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). The following package changes have been done: - kernel-rt-5.14.21-150500.13.94.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.296 updated From sle-container-updates at lists.suse.com Thu May 22 07:08:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:08:35 +0200 (CEST) Subject: SUSE-IU-2025:1387-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250522070835.EDEC9FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1387-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.298 , suse/sle-micro/5.5:latest Image Release : 5.5.298 Severity : moderate Type : recommended References : 1237230 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.173 updated From sle-container-updates at lists.suse.com Thu May 22 07:14:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:14:45 +0200 (CEST) Subject: SUSE-CU-2025:3597-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250522071445.D7FC5F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3597-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.132 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.132 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1642-1 Released: Wed May 21 16:31:58 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - build both static and dynamic libraries on new suse distros - support the apk package and repository format (both v2 and v3) - new dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set. - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - BuildRequires: %{libsolv_devel_package} >= 0.7.32. - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false). - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change. - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - RpmPkgSigCheck_test: Exchange the test package signingkey - Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS - Strip a mediahandler tag from baseUrl querystrings. - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - Package preloader that concurrently downloads files. - BuildRequires: libzypp-devel >= 17.36.4. - refresh: add --include-all-archs - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150400.3.35.1 updated - libsolv-tools-0.7.32-150400.3.35.1 updated - libzypp-17.36.7-150400.3.119.1 updated - zypper-1.14.89-150400.3.82.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:18:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:18:39 +0200 (CEST) Subject: SUSE-CU-2025:3600-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250522071839.6D99BF783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3600-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.132 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.132 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1642-1 Released: Wed May 21 16:31:58 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - build both static and dynamic libraries on new suse distros - support the apk package and repository format (both v2 and v3) - new dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set. - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - BuildRequires: %{libsolv_devel_package} >= 0.7.32. - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false). - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change. - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - RpmPkgSigCheck_test: Exchange the test package signingkey - Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS - Strip a mediahandler tag from baseUrl querystrings. - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - Package preloader that concurrently downloads files. - BuildRequires: libzypp-devel >= 17.36.4. - refresh: add --include-all-archs - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150400.3.35.1 updated - libsolv-tools-0.7.32-150400.3.35.1 updated - libzypp-17.36.7-150400.3.119.1 updated - zypper-1.14.89-150400.3.82.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:19:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:19:52 +0200 (CEST) Subject: SUSE-CU-2025:3601-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250522071952.C73F1F783@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3601-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.35 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.35 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1643-1 Released: Wed May 21 16:32:37 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150500.6.8.1 updated - libsolv-tools-0.7.32-150500.6.8.1 updated - libzypp-17.36.7-150500.6.45.1 updated - zypper-1.14.89-150500.6.29.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:20:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:20:28 +0200 (CEST) Subject: SUSE-IU-2025:1388-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250522072028.4B572F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1388-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.31 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.31 Severity : important Type : security References : 1214960 1230092 1241083 CVE-2024-45310 CVE-2024-56406 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 330 Released: Wed May 21 17:37:32 2025 Summary: Security update for perl Type: security Severity: important References: 1241083,CVE-2024-56406 This update for perl fixes the following issues: - CVE-2024-56406: Fixed heap buffer overflow with tr// [bsc#1241083] ----------------------------------------------------------------- Advisory ID: 332 Released: Wed May 21 17:39:04 2025 Summary: Security update for runc Type: security Severity: moderate References: 1214960,1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.2.6. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.2.6 - CVE-2024-45310: Fixed runc can be tricked into creating empty files/directories on host (bsc#1230092) The following package changes have been done: - runc-1.2.6-1.1 updated - perl-5.38.2-2.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:23:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:23:51 +0200 (CEST) Subject: SUSE-CU-2025:3605-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250522072351.4DA86F783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3605-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.43 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.43 , suse/ltss/sle15.4/sle15:latest Container Release : 2.43 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1642-1 Released: Wed May 21 16:31:58 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - build both static and dynamic libraries on new suse distros - support the apk package and repository format (both v2 and v3) - new dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set. - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - BuildRequires: %{libsolv_devel_package} >= 0.7.32. - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false). - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change. - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - RpmPkgSigCheck_test: Exchange the test package signingkey - Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS - Strip a mediahandler tag from baseUrl querystrings. - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - Package preloader that concurrently downloads files. - BuildRequires: libzypp-devel >= 17.36.4. - refresh: add --include-all-archs - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150400.3.35.1 updated - libsolv-tools-0.7.32-150400.3.35.1 updated - libzypp-17.36.7-150400.3.119.1 updated - zypper-1.14.89-150400.3.82.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:26:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:26:28 +0200 (CEST) Subject: SUSE-CU-2025:3606-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250522072628.C236FF783@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3606-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.33 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.33 , suse/ltss/sle15.5/sle15:latest Container Release : 4.33 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1643-1 Released: Wed May 21 16:32:37 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - Support the apk package and repository format (both v2 and v3) - New dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false) - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - Strip a mediahandler tag from baseUrl querystrings - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150500.6.8.1 updated - libsolv-tools-0.7.32-150500.6.8.1 updated - libzypp-17.36.7-150500.6.45.1 updated - zypper-1.14.89-150500.6.29.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:27:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:27:09 +0200 (CEST) Subject: SUSE-CU-2025:3607-1: Security update of bci/golang Message-ID: <20250522072709.31056F783@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3607-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-59.4 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-59.4 Container Release : 59.4 Severity : important Type : security References : 1229122 1230252 1230253 1230254 1233306 CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3937-1 Released: Thu Nov 7 11:08:03 2024 Summary: Security update for go1.23-openssl Type: security Severity: important References: 1229122,1230252,1230253,1230254,CVE-2024-34155,CVE-2024-34156,CVE-2024-34158 This update for go1.23-openssl fixes the following issues: This update ships go1.23-openssl version 1.23.2.2. (jsc#SLE-18320) - go1.23.2 (released 2024-10-01) includes fixes to the compiler, cgo, the runtime, and the maps, os, os/exec, time, and unique packages. * go#69119 os: double close pidfd if caller uses pidfd updated by os.StartProcess * go#69156 maps: segmentation violation in maps.Clone * go#69219 cmd/cgo: alignment issue with int128 inside of a struct * go#69240 unique: fatal error: found pointer to free object * go#69333 runtime,time: timer.Stop returns false even when no value is read from the channel * go#69383 unique: large string still referenced, after interning only a small substring * go#69402 os/exec: resource leak on exec failure * go#69511 cmd/compile: mysterious crashes and non-determinism with range over func - Update to version 1.23.1.1 cut from the go1.23-fips-release branch at the revision tagged go1.23.1-1-openssl-fips. * Update to Go 1.23.1 (#238) - go1.23.1 (released 2024-09-05) includes security fixes to the encoding/gob, go/build/constraint, and go/parser packages, as well as bug fixes to the compiler, the go command, the runtime, and the database/sql, go/types, os, runtime/trace, and unique packages. CVE-2024-34155 CVE-2024-34156 CVE-2024-34158: - go#69143 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions - go#69145 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode - go#69149 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse - go#68812 os: TestChtimes failures - go#68894 go/types: 'under' panics on Alias type - go#68905 cmd/compile: error in Go 1.23.0 with generics, type aliases and indexing - go#68907 os: CopyFS overwrites existing file in destination. - go#68973 cmd/cgo: aix c-archive corrupting stack - go#68992 unique: panic when calling unique.Make with string casted as any - go#68994 cmd/go: any invocation creates read-only telemetry configuration file under GOMODCACHE - go#68995 cmd/go: multi-arch build via qemu fails to exec go binary - go#69041 database/sql: panic in database/sql.(*connRequestSet).deleteIndex - go#69087 runtime/trace: crash during traceAdvance when collecting call stack for cgo-calling goroutine - go#69094 cmd/go: breaking change in 1.23rc2 with version constraints in GOPATH mode - go1.23 (released 2024-08-13) is a major release of Go. go1.23.x minor releases will be provided through August 2025. https://github.com/golang/go/wiki/Go-Release-Cycle go1.23 arrives six months after go1.22. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * Language change: Go 1.23 makes the (Go 1.22) 'range-over-func' experiment a part of the language. The 'range' clause in a 'for-range' loop now accepts iterator functions of the following types: func(func() bool) func(func(K) bool) func(func(K, V) bool) as range expressions. Calls of the iterator argument function produce the iteration values for the 'for-range' loop. For details see the iter package documentation and the language spec. For motivation see the 2022 'range-over-func' discussion. * Language change: Go 1.23 includes preview support for generic type aliases. Building the toolchain with GOEXPERIMENT=aliastypeparams enables this feature within a package. (Using generic alias types across package boundaries is not yet supported.) * Opt-in Telemetry: Starting in Go 1.23, the Go toolchain can collect usage and breakage statistics that help the Go team understand how the Go toolchain is used and how well it is working. We refer to these statistics as Go telemetry. Go telemetry is an opt-in system, controlled by the go telemetry command. By default, the toolchain programs collect statistics in counter files that can be inspected locally but are otherwise unused (go telemetry local). To help us keep Go working well and understand Go usage, please consider opting in to Go telemetry by running go telemetry on. In that mode, anonymous counter reports are uploaded to telemetry.go.dev weekly, where they are aggregated into graphs and also made available for download by any Go contributors or users wanting to analyze the data. See 'Go Telemetry' for more details about the Go Telemetry system. * go command: Setting the GOROOT_FINAL environment variable no longer has an effect (#62047). Distributions that install the go command to a location other than $GOROOT/bin/go should install a symlink instead of relocating or copying the go binary. * go command: The new go env -changed flag causes the command to print only those settings whose effective value differs from the default value that would be obtained in an empty environment with no prior uses of the -w flag. * go command: The new go mod tidy -diff flag causes the command not to modify the files but instead print the necessary changes as a unified diff. It exits with a non-zero code if updates are needed. * go command: The go list -m -json command now includes new Sum and GoModSum fields. This is similar to the existing behavior of the go mod download -json command. * go command: The new godebug directive in go.mod and go.work declares a GODEBUG setting to apply for the work module or workspace in use. * go vet: The go vet subcommand now includes the stdversion analyzer, which flags references to symbols that are too new for the version of Go in effect in the referring file. (The effective version is determined by the go directive in the file's enclosing go.mod file, and by any //go:build constraints in the file.) For example, it will report a diagnostic for a reference to the reflect.TypeFor function (introduced in go1.22) from a file in a module whose go.mod file specifies go 1.21. * cgo: cmd/cgo supports the new -ldflags flag for passing flags to the C linker. The go command uses it automatically, avoiding 'argument list too long' errors with a very large CGO_LDFLAGS. * go trace: The trace tool now better tolerates partially broken traces by attempting to recover what trace data it can. This functionality is particularly helpful when viewing a trace that was collected during a program crash, since the trace data leading up to the crash will now be recoverable under most circumstances. * Runtime: The traceback printed by the runtime after an unhandled panic or other fatal error now indents the second and subsequent lines of the error message (for example, the argument to panic) by a single tab, so that it can be unambiguously distinguished from the stack trace of the first goroutine. See go#64590 for discussion. * Compiler: The build time overhead to building with Profile Guided Optimization has been reduced significantly. Previously, large builds could see 100%+ build time increase from enabling PGO. In Go 1.23, overhead should be in the single digit percentages. * Compiler: The compiler in Go 1.23 can now overlap the stack frame slots of local variables accessed in disjoint regions of a function, which reduces stack usage for Go applications. * Compiler: For 386 and amd64, the compiler will use information from PGO to align certain hot blocks in loops. This improves performance an additional 1-1.5% at a cost of an additional 0.1% text and binary size. This is currently only implemented on 386 and amd64 because it has not shown an improvement on other platforms. Hot block alignment can be disabled with -gcflags=[=]-d=alignhot=0. * Linker: The linker now disallows using a //go:linkname directive to refer to internal symbols in the standard library (including the runtime) that are not marked with //go:linkname on their definitions. Similarly, the linker disallows references to such symbols from assembly code. For backward compatibility, existing usages of //go:linkname found in a large open-source code corpus remain supported. Any new references to standard library internal symbols will be disallowed. * Linker: A linker command line flag -checklinkname=0 can be used to disable this check, for debugging and experimenting purposes. * Linker: When building a dynamically linked ELF binary (including PIE binary), the new -bindnow flag enables immediate function binding. * Standard library changes: * timer: 1.23 makes two significant changes to the implementation of time.Timer and time.Ticker. First, Timers and Tickers that are no longer referred to by the program become eligible for garbage collection immediately, even if their Stop methods have not been called. Earlier versions of Go did not collect unstopped Timers until after they had fired and never collected unstopped Tickers. Second, the timer channel associated with a Timer or Ticker is now unbuffered, with capacity 0. The main effect of this change is that Go now guarantees that for any call to a Reset or Stop method, no stale values prepared before that call will be sent or received after the call. Earlier versions of Go used channels with a one-element buffer, making it difficult to use Reset and Stop correctly. A visible effect of this change is that len and cap of timer channels now returns 0 instead of 1, which may affect programs that poll the length to decide whether a receive on the timer channel will succeed. Such code should use a non-blocking receive instead. These new behaviors are only enabled when the main Go program is in a module with a go.mod go line using Go 1.23.0 or later. When Go 1.23 builds older programs, the old behaviors remain in effect. The new GODEBUG setting asynctimerchan=1 can be used to revert back to asynchronous channel behaviors even when a program names Go 1.23.0 or later in its go.mod file. * unique: The new unique package provides facilities for canonicalizing values (like 'interning' or 'hash-consing'). Any value of comparable type may be canonicalized with the new Make[T] function, which produces a reference to a canonical copy of the value in the form of a Handle[T]. Two Handle[T] are equal if and only if the values used to produce the handles are equal, allowing programs to deduplicate values and reduce their memory footprint. Comparing two Handle[T] values is efficient, reducing down to a simple pointer comparison. * iter: The new iter package provides the basic definitions for working with user-defined iterators. * slices: The slices package adds several functions that work with iterators: - All returns an iterator over slice indexes and values. - Values returns an iterator over slice elements. - Backward returns an iterator that loops over a slice backward. - Collect collects values from an iterator into a new slice. - AppendSeq appends values from an iterator to an existing slice. - Sorted collects values from an iterator into a new slice, and then sorts the slice. - SortedFunc is like Sorted but with a comparison function. - SortedStableFunc is like SortFunc but uses a stable sort algorithm. - Chunk returns an iterator over consecutive sub-slices of up to n elements of a slice. * maps: The maps package adds several functions that work with iterators: - All returns an iterator over key-value pairs from a map. - Keys returns an iterator over keys in a map. - Values returns an iterator over values in a map. - Insert adds the key-value pairs from an iterator to an existing map. - Collect collects key-value pairs from an iterator into a new map and returns it. * structs: The new structs package provides types for struct fields that modify properties of the containing struct type such as memory layout. In this release, the only such type is HostLayout which indicates that a structure with a field of that type has a layout that conforms to host platform expectations. * Minor changes to the standard library: As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. * archive/tar: If the argument to FileInfoHeader implements the new FileInfoNames interface, then the interface methods will be used to set the Uname/Gname of the file header. This allows applications to override the system-dependent Uname/Gname lookup. * crypto/tls: The TLS client now supports the Encrypted Client Hello draft specification. This feature can be enabled by setting the Config.EncryptedClientHelloConfigList field to an encoded ECHConfigList for the host that is being connected to. * crypto/tls: The QUICConn type used by QUIC implementations includes new events reporting on the state of session resumption, and provides a way for the QUIC layer to add data to session tickets and session cache entries. * crypto/tls: 3DES cipher suites were removed from the default list used when Config.CipherSuites is nil. The default can be reverted by adding tls3des=1 to the GODEBUG environment variable. * crypto/tls: The experimental post-quantum key exchange mechanism X25519Kyber768Draft00 is now enabled by default when Config.CurvePreferences is nil. The default can be reverted by adding tlskyber=0 to the GODEBUG environment variable. * crypto/tls: Go 1.23 changed the behavior of X509KeyPair and LoadX509KeyPair to populate the Certificate.Leaf field of the returned Certificate. The new x509keypairleaf GODEBUG setting is added for this behavior. * crypto/x509: CreateCertificateRequest now correctly supports RSA-PSS signature algorithms. * crypto/x509: CreateCertificateRequest and CreateRevocationList now verify the generated signature using the signer's public key. If the signature is invalid, an error is returned. This has been the behavior of CreateCertificate since Go 1.16. * crypto/x509: The x509sha1 GODEBUG setting will be removed in the next Go major release (Go 1.24). This will mean that crypto/x509 will no longer support verifying signatures on certificates that use SHA-1 based signature algorithms. * crypto/x509: The new ParseOID function parses a dot-encoded ASN.1 Object Identifier string. The OID type now implements the encoding.BinaryMarshaler, encoding.BinaryUnmarshaler, encoding.TextMarshaler, encoding.TextUnmarshaler interfaces. database/sql * crypto/x509: Errors returned by driver.Valuer implementations are now wrapped for improved error handling during operations like DB.Query, DB.Exec, and DB.QueryRow. * debug/elf: The debug/elf package now defines PT_OPENBSD_NOBTCFI. This ProgType is used to disable Branch Tracking Control Flow Integrity (BTCFI) enforcement on OpenBSD binaries. * debug/elf: Now defines the symbol type constants STT_RELC, STT_SRELC, and STT_GNU_IFUNC. * encoding/binary The new Encode and Decode functions are byte slice equivalents to Read and Write. Append allows marshaling multiple data into the same byte slice. * go/ast: The new Preorder function returns a convenient iterator over all the nodes of a syntax tree. * go/types: The Func type, which represents a function or method symbol, now has a Func.Signature method that returns the function's type, which is always a Signature. * go/types: The Alias type now has an Rhs method that returns the type on the right-hand side of its declaration: given type A = B, the Rhs of A is B. (go#66559) * go/types: The methods Alias.Origin, Alias.SetTypeParams, Alias.TypeParams, and Alias.TypeArgs have been added. They are needed for generic alias types. * go/types: By default, go/types now produces Alias type nodes for type aliases. This behavior can be controlled by the GODEBUG gotypesalias flag. Its default has changed from 0 in Go 1.22 to 1 in Go 1.23. * math/rand/v2: The Uint function and Rand.Uint method have been added. They were inadvertently left out of Go 1.22. * math/rand/v2: The new ChaCha8.Read method implements the io.Reader interface. * net: The new type KeepAliveConfig permits fine-tuning the keep-alive options for TCP connections, via a new TCPConn.SetKeepAliveConfig method and new KeepAliveConfig fields for Dialer and ListenConfig. * net: The DNSError type now wraps errors caused by timeouts or cancellation. For example, errors.Is(someDNSErr, context.DeadlineExceedeed) will now report whether a DNS error was caused by a timeout. * net: The new GODEBUG setting netedns0=0 disables sending EDNS0 additional headers on DNS requests, as they reportedly break the DNS server on some modems. * net/http: Cookie now preserves double quotes surrounding a cookie value. The new Cookie.Quoted field indicates whether the Cookie.Value was originally quoted. * net/http: The new Request.CookiesNamed method retrieves all cookies that match the given name. * net/http: The new Cookie.Partitioned field identifies cookies with the Partitioned attribute. * net/http: The patterns used by ServeMux now allow one or more spaces or tabs after the method name. Previously, only a single space was permitted. * net/http: The new ParseCookie function parses a Cookie header value and returns all the cookies which were set in it. Since the same cookie name can appear multiple times the returned Values can contain more than one value for a given key. * net/http: The new ParseSetCookie function parses a Set-Cookie header value and returns a cookie. It returns an error on syntax error. * net/http: ServeContent, ServeFile, and ServeFileFS now remove the Cache-Control, Content-Encoding, Etag, and Last-Modified headers when serving an error. These headers usually apply to the non-error content, but not to the text of errors. * net/http: Middleware which wraps a ResponseWriter and applies on-the-fly encoding, such as Content-Encoding: gzip, will not function after this change. The previous behavior of ServeContent, ServeFile, and ServeFileFS may be restored by setting GODEBUG=httpservecontentkeepheaders=1. Note that middleware which changes the size of the served content (such as by compressing it) already does not function properly when ServeContent handles a Range request. On-the-fly compression should use the Transfer-Encoding header instead of Content-Encoding. * net/http: For inbound requests, the new Request.Pattern field contains the ServeMux pattern (if any) that matched the request. This field is not set when GODEBUG=httpmuxgo121=1 is set. * net/http/httptest: The new NewRequestWithContext method creates an incoming request with a context.Context. * net/netip: In Go 1.22 and earlier, using reflect.DeepEqual to compare an Addr holding an IPv4 address to one holding the IPv4-mapped IPv6 form of that address incorrectly returned true, even though the Addr values were different when comparing with == or Addr.Compare. This bug is now fixed and all three approaches now report the same result. * os: The Stat function now sets the ModeSocket bit for files that are Unix sockets on Windows. These files are identified by having a reparse tag set to IO_REPARSE_TAG_AF_UNIX. * os: On Windows, the mode bits reported by Lstat and Stat for reparse points changed. Mount points no longer have ModeSymlink set, and reparse points that are not symlinks, Unix sockets, or dedup files now always have ModeIrregular set. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0. * os: The CopyFS function copies an io/fs.FS into the local filesystem. * os: On Windows, Readlink no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0. * os: On Linux with pidfd support (generally Linux v5.4+), Process-related functions and methods use pidfd (rather than PID) internally, eliminating potential mistargeting when a PID is reused by the OS. Pidfd support is fully transparent to a user, except for additional process file descriptors that a process may have. * path/filepath: The new Localize function safely converts a slash-separated path into an operating system path. * path/filepath: On Windows, EvalSymlinks no longer evaluates mount points, which was a source of many inconsistencies and bugs. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0. * path/filepath: On Windows, EvalSymlinks no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0. * reflect: The new methods synonymous with the methods of the same name in Value are added to Type: - Type.OverflowComplex - Type.OverflowFloat - Type.OverflowInt - Type.OverflowUint * reflect: The new SliceAt function is analogous to NewAt, but for slices. * reflect: The Value.Pointer and Value.UnsafePointer methods now support values of kind String. * reflect: The new methods Value.Seq and Value.Seq2 return sequences that iterate over the value as though it were used in a for/range loop. The new methods Type.CanSeq and Type.CanSeq2 report whether calling Value.Seq and Value.Seq2, respectively, will succeed without panicking. * runtime/debug: The SetCrashOutput function allows the user to specify an alternate file to which the runtime should write its fatal crash report. It may be used to construct an automated reporting mechanism for all unexpected crashes, not just those in goroutines that explicitly use recover. * runtime/pprof: The maximum stack depth for alloc, mutex, block, threadcreate and goroutine profiles has been raised from 32 to 128 frames. * runtime/trace: The runtime now explicitly flushes trace data when a program crashes due to an uncaught panic. This means that more complete trace data will be available in a trace if the program crashes while tracing is active. * slices: The Repeat function returns a new slice that repeats the provided slice the given number of times. * sync: The Map.Clear method deletes all the entries, resulting in an empty Map. It is analogous to clear. * sync/atomic: The new And and Or operators apply a bitwise AND or OR to the given input, returning the old value. * syscall: The syscall package now defines WSAENOPROTOOPT on Windows. * syscall: The GetsockoptInt function is now supported on Windows. * testing/fstest: TestFS now returns a structured error that can be unwrapped (via method Unwrap() []error). This allows inspecting errors using errors.Is or errors.As. * text/template: Templates now support the new 'else with' action, which reduces template complexity in some use cases. * time: Parse and ParseInLocation now return an error if the time zone offset is out of range. * unicode/utf16: The RuneLen function returns the number of 16-bit words in the UTF-16 encoding of the rune. It returns -1 if the rune is not a valid value to encode in UTF-16. * Port: Darwin: As announced in the Go 1.22 release notes, Go 1.23 requires macOS 11 Big Sur or later; support for previous versions has been discontinued. * Port: Linux: Go 1.23 is the last release that requires Linux kernel version 2.6.32 or later. Go 1.24 will require Linux kernel version 3.17 or later, with an exception that systems running 3.10 or later will continue to be supported if the kernel has been patched to support the getrandom system call. * Port: OpenBSD: Go 1.23 adds experimental support for OpenBSD on 64-bit RISC-V (GOOS=openbsd, GOARCH=riscv64). * Port: ARM64: Go 1.23 introduces a new GOARM64 environment variable, which specifies the minimum target version of the ARM64 architecture at compile time. Allowed values are v8.{0-9} and v9.{0-5}. This may be followed by an option specifying extensions implemented by target hardware. Valid options are ,lse and ,crypto. The GOARM64 environment variable defaults to v8.0. * Port: RISC-V: Go 1.23 introduces a new GORISCV64 environment variable, which selects the RISC-V user-mode application profile for which to compile. Allowed values are rva20u64 and rva22u64. The GORISCV64 environment variable defaults to rva20u64. * Port: Wasm: The go_wasip1_wasm_exec script in GOROOT/misc/wasm has dropped support for versions of wasmtime < 14.0.0. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4307-1 Released: Fri Dec 13 08:45:49 2024 Summary: Recommended update for go1.23-openssl Type: recommended Severity: moderate References: 1233306 This update for go1.23-openssl fixes the following issues: - Write three digit version to file VERSION which sets go env GOVERSION. Fixes bsc#1233306. * Go toolchain file VERSION sets the immutable value for go env GOVERSION * go1.x-openssl toolchains have used a bespoke fourth digit to represent the upstream patch set release number, e.g. go1.22.9-1-openssl-fips. This digit has not been needed. * Some Go applications including helm break when this fourth digit is present in VERSION, with error: go.mod requires go >= 1.22.0 (running go 1.22; GOTOOLCHAIN=local) * Keep the fourth digit in the packaging for now, it will be dropped in the next toolchain version update. The following package changes have been done: - go1.23-openssl-doc-1.23.2.2-150600.13.6.1 added - go1.23-openssl-1.23.2.2-150600.13.6.1 added - go1.23-openssl-race-1.23.2.2-150600.13.6.1 added - container:registry.suse.com-bci-bci-base-15.6-81b3dee4f6f9dcbad6516e240321f7b224a3675aa76ef21cb9e6c7d7eb5e3a41-0 updated - go1.22-openssl-1.22.9.1-150600.13.8.1 removed - go1.22-openssl-doc-1.22.9.1-150600.13.8.1 removed - go1.22-openssl-race-1.22.9.1-150600.13.8.1 removed From sle-container-updates at lists.suse.com Thu May 22 07:28:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:28:34 +0200 (CEST) Subject: SUSE-CU-2025:3609-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250522072834.0DD8DF783@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3609-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.51 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.51 Severity : moderate Type : recommended References : 1237230 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:29:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:29:13 +0200 (CEST) Subject: SUSE-CU-2025:3610-1: Recommended update of bci/bci-init Message-ID: <20250522072913.F0B1AF783@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3610-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.41.5 , bci/bci-init:latest Container Release : 41.5 Severity : moderate Type : recommended References : 1237230 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - container:registry.suse.com-bci-bci-base-15.6-81b3dee4f6f9dcbad6516e240321f7b224a3675aa76ef21cb9e6c7d7eb5e3a41-0 updated From sle-container-updates at lists.suse.com Thu May 22 07:33:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:33:35 +0200 (CEST) Subject: SUSE-CU-2025:3616-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250522073335.057ABFD12@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3616-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.28 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.28 Severity : moderate Type : recommended References : 1237230 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated From sle-container-updates at lists.suse.com Thu May 22 07:33:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:33:34 +0200 (CEST) Subject: SUSE-CU-2025:3615-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250522073334.2F783F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3615-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.27 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.27 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1642-1 Released: Wed May 21 16:31:58 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - build both static and dynamic libraries on new suse distros - support the apk package and repository format (both v2 and v3) - new dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set. - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - BuildRequires: %{libsolv_devel_package} >= 0.7.32. - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false). - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change. - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - RpmPkgSigCheck_test: Exchange the test package signingkey - Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS - Strip a mediahandler tag from baseUrl querystrings. - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - Package preloader that concurrently downloads files. - BuildRequires: libzypp-devel >= 17.36.4. - refresh: add --include-all-archs - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150400.3.35.1 updated - libsolv-tools-0.7.32-150400.3.35.1 updated - libzypp-17.36.7-150400.3.119.1 updated - zypper-1.14.89-150400.3.82.1 updated - container:sles15-ltss-image-15.4.0-2.43 updated From sle-container-updates at lists.suse.com Thu May 22 07:34:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 May 2025 09:34:28 +0200 (CEST) Subject: SUSE-CU-2025:3617-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250522073428.4B394F783@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3617-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.33 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.33 Severity : important Type : recommended References : 1222044 1230267 1235598 1237172 1237587 1237949 1238315 1239809 1240529 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1642-1 Released: Wed May 21 16:31:58 2025 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529 This update for libsolv, libzypp, zypper fixes the following issues: - build both static and dynamic libraries on new suse distros - support the apk package and repository format (both v2 and v3) - new dataiterator_final_{repo,solvable} functions - Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598) - XmlReader: Fix detection of bad input streams - rpm: Fix detection of %triggerscript starts (bsc#1222044) - RepoindexFileReader: add more related attributes a service may set. - Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172) - BuildRequires: %{libsolv_devel_package} >= 0.7.32. - Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529) - Fix zypp.conf dupAllowVendorChange to reflect the correct default (false). - zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809) - Fix computation of RepStatus if Repo URLs change. - Fix lost double slash when appending to an absolute FTP url (bsc#1238315) - Add a transaction package preloader - RpmPkgSigCheck_test: Exchange the test package signingkey - Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS - Strip a mediahandler tag from baseUrl querystrings. - Updated translations (bsc#1230267) - Do not double encode URL strings passed on the commandline (bsc#1237587) - Package preloader that concurrently downloads files. - BuildRequires: libzypp-devel >= 17.36.4. - refresh: add --include-all-archs - info,search: add option to search and list Enhances (bsc#1237949) The following package changes have been done: - libsolv-tools-base-0.7.32-150400.3.35.1 updated - libsolv-tools-0.7.32-150400.3.35.1 updated - libzypp-17.36.7-150400.3.119.1 updated - zypper-1.14.89-150400.3.82.1 updated - container:sles15-ltss-image-15.4.0-2.43 updated From sle-container-updates at lists.suse.com Fri May 23 07:05:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 23 May 2025 09:05:06 +0200 (CEST) Subject: SUSE-IU-2025:1392-1: Security update of suse/sle-micro/5.5 Message-ID: <20250523070506.54716FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1392-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.299 , suse/sle-micro/5.5:latest Image Release : 5.5.299 Severity : moderate Type : security References : 1237147 1237180 1241938 1243106 CVE-2025-22247 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1658-1 Released: Thu May 22 15:34:33 2025 Summary: Security update for open-vm-tools Type: security Severity: moderate References: 1237147,1237180,1241938,1243106,CVE-2025-22247 This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: - CVE-2025-22247: Fixed Insecure file handling (bsc#1243106) Other fixes: - Fixed GCC 15 compile time error (bsc#1241938) - Fixed building with containerd 1.7.25+ (bsc#1237147) - Ensure vmtoolsd.service and vgauthd.service are set to enabled by default (bsc#1237180) Full changelog: https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog The following package changes have been done: - libvmtools0-12.5.2-150300.58.1 updated - open-vm-tools-12.5.2-150300.58.1 updated From sle-container-updates at lists.suse.com Fri May 23 07:17:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 23 May 2025 09:17:36 +0200 (CEST) Subject: SUSE-CU-2025:3631-1: Recommended update of bci/kiwi Message-ID: <20250523071736.A885FF783@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3631-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-24.11 , bci/kiwi:latest Container Release : 24.11 Severity : moderate Type : recommended References : 1237230 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - container:registry.suse.com-bci-bci-base-15.6-81b3dee4f6f9dcbad6516e240321f7b224a3675aa76ef21cb9e6c7d7eb5e3a41-0 updated From sle-container-updates at lists.suse.com Wed May 14 07:02:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 May 2025 09:02:37 +0200 (CEST) Subject: SUSE-IU-2025:1324-1: Security update of suse-sles-15-sp5-chost-byos-v20250512-x86_64-gen2 Message-ID: <20250514070237.AB1A9FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20250512-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1324-1 Image Tags : suse-sles-15-sp5-chost-byos-v20250512-x86_64-gen2:20250512 Image Release : Severity : important Type : security References : 1065729 1180814 1183663 1183682 1189788 1190336 1190768 1190786 1193173 1193629 1194869 1194869 1194904 1195823 1196444 1197158 1197174 1197227 1197246 1197302 1197331 1197472 1197661 1197926 1198019 1198021 1198240 1198577 1198660 1199657 1200045 1200571 1200807 1200809 1200810 1200824 1200825 1200871 1200872 1201193 1201218 1201323 1201381 1201610 1202672 1202711 1202712 1202771 1202774 1202778 1202781 1203699 1203769 1204171 1205205 1205701 1206048 1206049 1206451 1207034 1207186 1207361 1207593 1207640 1207878 1208995 1209262 1209547 1209788 1209980 1210050 1210647 1211263 1211547 1213167 1213291 1214290 1214713 1216049 1216091 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216813 1216827 1216938 1217287 1218201 1218282 1218324 1218450 1218812 1218814 1219241 1219639 1220946 1221651 1222021 1222650 1222896 1223330 1223384 1225428 1225736 1225742 1225742 1226848 1226980 1227127 1228265 1228434 1228537 1228592 1229312 1229685 1229822 1230078 1230341 1230371 1230432 1230527 1230697 1231088 1231375 1231396 1231423 1231432 1231472 1231838 1231847 1231854 1232234 1232234 1232299 1232472 1232743 1232914 1232919 1233028 1233055 1233097 1233103 1233112 1233137 1233307 1233464 1233479 1233488 1233557 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1233642 1233701 1233726 1233749 1233749 1233778 1234024 1234025 1234074 1234078 1234087 1234089 1234153 1234154 1234155 1234223 1234381 1234383 1234452 1234452 1234650 1234683 1234690 1234798 1234825 1234829 1234832 1234853 1234884 1234889 1234891 1234894 1234895 1234896 1234896 1234899 1234900 1234905 1234909 1234916 1234918 1234922 1234930 1234931 1234934 1234958 1234962 1234963 1234999 1235002 1235009 1235011 1235053 1235054 1235057 1235059 1235061 1235073 1235100 1235111 1235122 1235123 1235133 1235134 1235140 1235217 1235222 1235230 1235249 1235410 1235430 1235433 1235441 1235451 1235458 1235466 1235473 1235480 1235481 1235491 1235495 1235496 1235521 1235528 1235557 1235563 1235570 1235584 1235599 1235611 1235635 1235641 1235643 1235645 1235647 1235695 1235723 1235739 1235747 1235751 1235759 1235764 1235768 1235806 1235812 1235814 1235818 1235842 1235870 1235920 1235969 1236033 1236133 1236151 1236282 1236289 1236316 1236317 1236384 1236481 1236576 1236628 1236661 1236677 1236705 1236757 1236758 1236760 1236761 1236777 1236779 1236820 1236842 1236878 1236939 1236951 1236974 1236983 1237002 1237006 1237008 1237009 1237010 1237011 1237012 1237013 1237014 1237025 1237028 1237029 1237040 1237044 1237137 1237139 1237294 1237316 1237335 1237363 1237367 1237370 1237418 1237521 1237530 1237693 1237718 1237721 1237722 1237723 1237724 1237725 1237726 1237727 1237728 1237729 1237730 1237733 1237734 1237735 1237736 1237737 1237738 1237739 1237740 1237742 1237743 1237744 1237745 1237746 1237748 1237749 1237751 1237752 1237753 1237755 1237759 1237761 1237763 1237766 1237767 1237768 1237774 1237775 1237778 1237779 1237780 1237782 1237783 1237784 1237785 1237786 1237787 1237788 1237789 1237790 1237792 1237794 1237795 1237797 1237798 1237799 1237807 1237808 1237809 1237810 1237812 1237813 1237814 1237815 1237816 1237817 1237818 1237820 1237821 1237823 1237824 1237826 1237827 1237829 1237831 1237835 1237836 1237837 1237839 1237840 1237845 1237846 1237865 1237868 1237872 1237892 1237903 1237904 1237916 1237918 1237922 1237925 1237926 1237927 1237928 1237929 1237931 1237932 1237933 1237937 1237940 1237941 1237942 1237946 1237951 1237952 1237954 1237955 1237957 1237958 1237959 1237960 1237961 1237962 1237963 1237965 1237966 1237967 1237968 1237969 1237970 1237971 1237972 1237973 1237975 1237976 1237978 1237979 1237980 1237982 1237983 1237984 1237986 1237987 1237990 1237992 1237996 1237997 1237998 1237999 1238000 1238003 1238004 1238005 1238006 1238007 1238009 1238010 1238011 1238012 1238013 1238014 1238016 1238017 1238018 1238019 1238021 1238022 1238024 1238025 1238030 1238032 1238033 1238036 1238037 1238041 1238046 1238047 1238048 1238069 1238071 1238077 1238079 1238080 1238083 1238084 1238085 1238086 1238089 1238090 1238091 1238092 1238096 1238097 1238099 1238103 1238105 1238106 1238107 1238108 1238110 1238111 1238112 1238113 1238114 1238115 1238116 1238118 1238120 1238122 1238123 1238125 1238126 1238127 1238128 1238131 1238134 1238135 1238138 1238139 1238140 1238142 1238144 1238146 1238147 1238149 1238150 1238153 1238155 1238156 1238157 1238158 1238160 1238162 1238166 1238167 1238168 1238169 1238170 1238171 1238172 1238175 1238176 1238177 1238178 1238179 1238180 1238181 1238183 1238184 1238187 1238221 1238222 1238226 1238228 1238229 1238231 1238233 1238234 1238235 1238236 1238238 1238239 1238240 1238241 1238242 1238243 1238244 1238246 1238247 1238248 1238249 1238252 1238253 1238255 1238256 1238257 1238260 1238261 1238262 1238263 1238264 1238266 1238267 1238268 1238269 1238270 1238271 1238272 1238274 1238275 1238276 1238277 1238278 1238279 1238281 1238282 1238283 1238284 1238285 1238286 1238287 1238288 1238289 1238291 1238292 1238293 1238295 1238298 1238300 1238301 1238302 1238306 1238307 1238308 1238309 1238311 1238313 1238326 1238327 1238328 1238329 1238331 1238333 1238334 1238335 1238336 1238337 1238338 1238339 1238341 1238343 1238344 1238345 1238372 1238373 1238374 1238376 1238377 1238378 1238381 1238382 1238383 1238385 1238386 1238387 1238388 1238389 1238390 1238391 1238392 1238393 1238394 1238395 1238396 1238397 1238398 1238400 1238401 1238410 1238411 1238413 1238415 1238416 1238417 1238418 1238419 1238420 1238422 1238423 1238424 1238428 1238429 1238430 1238431 1238432 1238433 1238434 1238435 1238436 1238437 1238440 1238441 1238442 1238443 1238444 1238445 1238447 1238453 1238454 1238458 1238459 1238462 1238463 1238465 1238467 1238469 1238533 1238536 1238538 1238539 1238540 1238542 1238543 1238546 1238551 1238552 1238556 1238557 1238599 1238600 1238601 1238602 1238605 1238612 1238613 1238615 1238616 1238617 1238618 1238619 1238621 1238623 1238625 1238626 1238630 1238631 1238632 1238633 1238635 1238636 1238638 1238639 1238640 1238641 1238642 1238643 1238645 1238646 1238647 1238648 1238649 1238650 1238653 1238654 1238655 1238658 1238661 1238662 1238663 1238664 1238666 1238668 1238705 1238707 1238710 1238712 1238718 1238719 1238721 1238722 1238727 1238729 1238750 1238787 1238789 1238792 1238799 1238803 1238804 1238805 1238806 1238808 1238809 1238810 1238811 1238814 1238815 1238816 1238817 1238818 1238819 1238820 1238821 1238822 1238823 1238825 1238830 1238834 1238835 1238836 1238838 1238843 1238867 1238868 1238869 1238870 1238871 1238878 1238879 1238889 1238892 1238893 1238897 1238898 1238899 1238902 1238911 1238916 1238919 1238925 1238930 1238933 1238936 1238937 1238938 1238939 1238941 1238942 1238943 1238944 1238945 1238946 1238948 1238949 1238950 1238951 1238952 1238953 1238954 1238956 1238957 1239001 1239004 1239016 1239035 1239040 1239041 1239051 1239060 1239070 1239071 1239073 1239076 1239095 1239109 1239115 1239126 1239185 1239322 1239452 1239454 1239465 1239618 1239663 1239680 1239749 1239909 1239968 1239969 1240009 1240133 1240205 1240207 1240208 1240210 1240212 1240213 1240218 1240220 1240227 1240229 1240231 1240242 1240245 1240247 1240250 1240254 1240256 1240264 1240266 1240272 1240275 1240276 1240278 1240279 1240280 1240281 1240282 1240283 1240284 1240286 1240288 1240290 1240292 1240293 1240297 1240304 1240308 1240309 1240317 1240318 1240322 1240343 1240343 1241020 1241078 1241189 1241453 1241551 1241678 CVE-2017-5753 CVE-2021-4453 CVE-2021-4454 CVE-2021-47517 CVE-2021-47631 CVE-2021-47632 CVE-2021-47633 CVE-2021-47635 CVE-2021-47636 CVE-2021-47637 CVE-2021-47638 CVE-2021-47639 CVE-2021-47641 CVE-2021-47642 CVE-2021-47643 CVE-2021-47644 CVE-2021-47645 CVE-2021-47646 CVE-2021-47647 CVE-2021-47648 CVE-2021-47649 CVE-2021-47650 CVE-2021-47651 CVE-2021-47652 CVE-2021-47653 CVE-2021-47654 CVE-2021-47656 CVE-2021-47657 CVE-2021-47659 CVE-2022-0168 CVE-2022-0995 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-2977 CVE-2022-29900 CVE-2022-29901 CVE-2022-3303 CVE-2022-3435 CVE-2022-49044 CVE-2022-49050 CVE-2022-49051 CVE-2022-49053 CVE-2022-49054 CVE-2022-49055 CVE-2022-49056 CVE-2022-49057 CVE-2022-49058 CVE-2022-49059 CVE-2022-49060 CVE-2022-49061 CVE-2022-49062 CVE-2022-49063 CVE-2022-49064 CVE-2022-49065 CVE-2022-49066 CVE-2022-49070 CVE-2022-49071 CVE-2022-49073 CVE-2022-49074 CVE-2022-49075 CVE-2022-49076 CVE-2022-49078 CVE-2022-49080 CVE-2022-49082 CVE-2022-49083 CVE-2022-49084 CVE-2022-49085 CVE-2022-49086 CVE-2022-49088 CVE-2022-49089 CVE-2022-49090 CVE-2022-49091 CVE-2022-49092 CVE-2022-49093 CVE-2022-49095 CVE-2022-49096 CVE-2022-49097 CVE-2022-49098 CVE-2022-49099 CVE-2022-49100 CVE-2022-49102 CVE-2022-49103 CVE-2022-49104 CVE-2022-49105 CVE-2022-49106 CVE-2022-49107 CVE-2022-49109 CVE-2022-49111 CVE-2022-49112 CVE-2022-49113 CVE-2022-49114 CVE-2022-49115 CVE-2022-49116 CVE-2022-49118 CVE-2022-49119 CVE-2022-49120 CVE-2022-49121 CVE-2022-49122 CVE-2022-49123 CVE-2022-49125 CVE-2022-49126 CVE-2022-49128 CVE-2022-49129 CVE-2022-49130 CVE-2022-49131 CVE-2022-49132 CVE-2022-49133 CVE-2022-49134 CVE-2022-49135 CVE-2022-49136 CVE-2022-49137 CVE-2022-49138 CVE-2022-49139 CVE-2022-49144 CVE-2022-49145 CVE-2022-49147 CVE-2022-49148 CVE-2022-49151 CVE-2022-49153 CVE-2022-49154 CVE-2022-49155 CVE-2022-49156 CVE-2022-49157 CVE-2022-49158 CVE-2022-49159 CVE-2022-49160 CVE-2022-49162 CVE-2022-49163 CVE-2022-49164 CVE-2022-49165 CVE-2022-49174 CVE-2022-49175 CVE-2022-49176 CVE-2022-49177 CVE-2022-49178 CVE-2022-49179 CVE-2022-49180 CVE-2022-49182 CVE-2022-49183 CVE-2022-49185 CVE-2022-49187 CVE-2022-49188 CVE-2022-49189 CVE-2022-49192 CVE-2022-49193 CVE-2022-49194 CVE-2022-49196 CVE-2022-49199 CVE-2022-49200 CVE-2022-49201 CVE-2022-49202 CVE-2022-49203 CVE-2022-49204 CVE-2022-49205 CVE-2022-49206 CVE-2022-49207 CVE-2022-49208 CVE-2022-49209 CVE-2022-49212 CVE-2022-49213 CVE-2022-49214 CVE-2022-49215 CVE-2022-49216 CVE-2022-49217 CVE-2022-49218 CVE-2022-49219 CVE-2022-49221 CVE-2022-49222 CVE-2022-49224 CVE-2022-49225 CVE-2022-49226 CVE-2022-49227 CVE-2022-49228 CVE-2022-49230 CVE-2022-49232 CVE-2022-49233 CVE-2022-49235 CVE-2022-49236 CVE-2022-49237 CVE-2022-49238 CVE-2022-49239 CVE-2022-49241 CVE-2022-49242 CVE-2022-49243 CVE-2022-49244 CVE-2022-49246 CVE-2022-49247 CVE-2022-49248 CVE-2022-49249 CVE-2022-49250 CVE-2022-49251 CVE-2022-49252 CVE-2022-49253 CVE-2022-49254 CVE-2022-49256 CVE-2022-49257 CVE-2022-49258 CVE-2022-49259 CVE-2022-49260 CVE-2022-49261 CVE-2022-49262 CVE-2022-49263 CVE-2022-49264 CVE-2022-49265 CVE-2022-49266 CVE-2022-49268 CVE-2022-49269 CVE-2022-49270 CVE-2022-49271 CVE-2022-49272 CVE-2022-49273 CVE-2022-49274 CVE-2022-49275 CVE-2022-49276 CVE-2022-49277 CVE-2022-49278 CVE-2022-49279 CVE-2022-49280 CVE-2022-49281 CVE-2022-49283 CVE-2022-49285 CVE-2022-49286 CVE-2022-49287 CVE-2022-49288 CVE-2022-49290 CVE-2022-49291 CVE-2022-49292 CVE-2022-49293 CVE-2022-49294 CVE-2022-49295 CVE-2022-49296 CVE-2022-49297 CVE-2022-49298 CVE-2022-49299 CVE-2022-49300 CVE-2022-49301 CVE-2022-49302 CVE-2022-49304 CVE-2022-49305 CVE-2022-49306 CVE-2022-49307 CVE-2022-49308 CVE-2022-49309 CVE-2022-49310 CVE-2022-49311 CVE-2022-49312 CVE-2022-49313 CVE-2022-49314 CVE-2022-49315 CVE-2022-49316 CVE-2022-49319 CVE-2022-49320 CVE-2022-49321 CVE-2022-49322 CVE-2022-49323 CVE-2022-49325 CVE-2022-49326 CVE-2022-49327 CVE-2022-49328 CVE-2022-49329 CVE-2022-49330 CVE-2022-49331 CVE-2022-49332 CVE-2022-49333 CVE-2022-49335 CVE-2022-49336 CVE-2022-49337 CVE-2022-49338 CVE-2022-49339 CVE-2022-49341 CVE-2022-49342 CVE-2022-49343 CVE-2022-49345 CVE-2022-49346 CVE-2022-49347 CVE-2022-49348 CVE-2022-49349 CVE-2022-49350 CVE-2022-49351 CVE-2022-49352 CVE-2022-49353 CVE-2022-49354 CVE-2022-49356 CVE-2022-49357 CVE-2022-49359 CVE-2022-49362 CVE-2022-49365 CVE-2022-49367 CVE-2022-49368 CVE-2022-49370 CVE-2022-49371 CVE-2022-49373 CVE-2022-49375 CVE-2022-49376 CVE-2022-49377 CVE-2022-49378 CVE-2022-49379 CVE-2022-49381 CVE-2022-49382 CVE-2022-49384 CVE-2022-49385 CVE-2022-49386 CVE-2022-49389 CVE-2022-49390 CVE-2022-49392 CVE-2022-49394 CVE-2022-49396 CVE-2022-49397 CVE-2022-49398 CVE-2022-49399 CVE-2022-49400 CVE-2022-49402 CVE-2022-49404 CVE-2022-49406 CVE-2022-49407 CVE-2022-49409 CVE-2022-49410 CVE-2022-49411 CVE-2022-49412 CVE-2022-49413 CVE-2022-49414 CVE-2022-49416 CVE-2022-49418 CVE-2022-49419 CVE-2022-49421 CVE-2022-49422 CVE-2022-49424 CVE-2022-49426 CVE-2022-49427 CVE-2022-49429 CVE-2022-49430 CVE-2022-49431 CVE-2022-49432 CVE-2022-49433 CVE-2022-49434 CVE-2022-49435 CVE-2022-49436 CVE-2022-49437 CVE-2022-49438 CVE-2022-49440 CVE-2022-49441 CVE-2022-49442 CVE-2022-49443 CVE-2022-49444 CVE-2022-49445 CVE-2022-49446 CVE-2022-49447 CVE-2022-49448 CVE-2022-49449 CVE-2022-49451 CVE-2022-49453 CVE-2022-49455 CVE-2022-49458 CVE-2022-49459 CVE-2022-49460 CVE-2022-49462 CVE-2022-49463 CVE-2022-49465 CVE-2022-49466 CVE-2022-49467 CVE-2022-49468 CVE-2022-49470 CVE-2022-49472 CVE-2022-49473 CVE-2022-49474 CVE-2022-49475 CVE-2022-49476 CVE-2022-49477 CVE-2022-49478 CVE-2022-49479 CVE-2022-49480 CVE-2022-49481 CVE-2022-49482 CVE-2022-49483 CVE-2022-49484 CVE-2022-49485 CVE-2022-49486 CVE-2022-49487 CVE-2022-49488 CVE-2022-49489 CVE-2022-49490 CVE-2022-49491 CVE-2022-49492 CVE-2022-49493 CVE-2022-49494 CVE-2022-49495 CVE-2022-49497 CVE-2022-49498 CVE-2022-49499 CVE-2022-49501 CVE-2022-49502 CVE-2022-49503 CVE-2022-49504 CVE-2022-49505 CVE-2022-49506 CVE-2022-49507 CVE-2022-49508 CVE-2022-49509 CVE-2022-49510 CVE-2022-49511 CVE-2022-49512 CVE-2022-49514 CVE-2022-49515 CVE-2022-49516 CVE-2022-49517 CVE-2022-49518 CVE-2022-49519 CVE-2022-49520 CVE-2022-49521 CVE-2022-49522 CVE-2022-49523 CVE-2022-49524 CVE-2022-49525 CVE-2022-49526 CVE-2022-49527 CVE-2022-49529 CVE-2022-49530 CVE-2022-49532 CVE-2022-49533 CVE-2022-49534 CVE-2022-49535 CVE-2022-49536 CVE-2022-49537 CVE-2022-49538 CVE-2022-49541 CVE-2022-49542 CVE-2022-49543 CVE-2022-49544 CVE-2022-49545 CVE-2022-49546 CVE-2022-49548 CVE-2022-49549 CVE-2022-49551 CVE-2022-49552 CVE-2022-49555 CVE-2022-49556 CVE-2022-49559 CVE-2022-49560 CVE-2022-49562 CVE-2022-49563 CVE-2022-49564 CVE-2022-49565 CVE-2022-49566 CVE-2022-49568 CVE-2022-49569 CVE-2022-49570 CVE-2022-49579 CVE-2022-49581 CVE-2022-49583 CVE-2022-49584 CVE-2022-49591 CVE-2022-49592 CVE-2022-49603 CVE-2022-49605 CVE-2022-49606 CVE-2022-49607 CVE-2022-49609 CVE-2022-49610 CVE-2022-49611 CVE-2022-49613 CVE-2022-49615 CVE-2022-49616 CVE-2022-49617 CVE-2022-49618 CVE-2022-49621 CVE-2022-49623 CVE-2022-49624 CVE-2022-49625 CVE-2022-49626 CVE-2022-49627 CVE-2022-49628 CVE-2022-49631 CVE-2022-49634 CVE-2022-49635 CVE-2022-49638 CVE-2022-49640 CVE-2022-49641 CVE-2022-49642 CVE-2022-49643 CVE-2022-49644 CVE-2022-49645 CVE-2022-49646 CVE-2022-49647 CVE-2022-49648 CVE-2022-49649 CVE-2022-49650 CVE-2022-49652 CVE-2022-49653 CVE-2022-49655 CVE-2022-49656 CVE-2022-49657 CVE-2022-49658 CVE-2022-49661 CVE-2022-49663 CVE-2022-49665 CVE-2022-49667 CVE-2022-49668 CVE-2022-49670 CVE-2022-49671 CVE-2022-49672 CVE-2022-49673 CVE-2022-49674 CVE-2022-49675 CVE-2022-49676 CVE-2022-49677 CVE-2022-49678 CVE-2022-49679 CVE-2022-49680 CVE-2022-49683 CVE-2022-49685 CVE-2022-49686 CVE-2022-49687 CVE-2022-49688 CVE-2022-49693 CVE-2022-49694 CVE-2022-49695 CVE-2022-49697 CVE-2022-49699 CVE-2022-49700 CVE-2022-49701 CVE-2022-49703 CVE-2022-49704 CVE-2022-49705 CVE-2022-49707 CVE-2022-49708 CVE-2022-49710 CVE-2022-49711 CVE-2022-49712 CVE-2022-49713 CVE-2022-49714 CVE-2022-49715 CVE-2022-49716 CVE-2022-49719 CVE-2022-49720 CVE-2022-49721 CVE-2022-49722 CVE-2022-49723 CVE-2022-49724 CVE-2022-49725 CVE-2022-49726 CVE-2022-49729 CVE-2022-49730 CVE-2022-49731 CVE-2022-49732 CVE-2022-49733 CVE-2022-49739 CVE-2022-49746 CVE-2022-49748 CVE-2022-49751 CVE-2022-49753 CVE-2022-49755 CVE-2022-49759 CVE-2023-0179 CVE-2023-1192 CVE-2023-1652 CVE-2023-2162 CVE-2023-28410 CVE-2023-3567 CVE-2023-4016 CVE-2023-52572 CVE-2023-52930 CVE-2023-52933 CVE-2023-52935 CVE-2023-52939 CVE-2023-52941 CVE-2023-52973 CVE-2023-52974 CVE-2023-52975 CVE-2023-52976 CVE-2023-52979 CVE-2023-52983 CVE-2023-52984 CVE-2023-52988 CVE-2023-52989 CVE-2023-52992 CVE-2023-52993 CVE-2023-53000 CVE-2023-53005 CVE-2023-53006 CVE-2023-53007 CVE-2023-53008 CVE-2023-53010 CVE-2023-53015 CVE-2023-53016 CVE-2023-53019 CVE-2023-53023 CVE-2023-53024 CVE-2023-53025 CVE-2023-53026 CVE-2023-53028 CVE-2023-53029 CVE-2023-53030 CVE-2023-53033 CVE-2024-10041 CVE-2024-10041 CVE-2024-11168 CVE-2024-12133 CVE-2024-12243 CVE-2024-23650 CVE-2024-26634 CVE-2024-26758 CVE-2024-26943 CVE-2024-29018 CVE-2024-29018 CVE-2024-36898 CVE-2024-38599 CVE-2024-40635 CVE-2024-41047 CVE-2024-41110 CVE-2024-43790 CVE-2024-43802 CVE-2024-45019 CVE-2024-45306 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-46858 CVE-2024-47678 CVE-2024-50051 CVE-2024-50115 CVE-2024-50136 CVE-2024-50142 CVE-2024-50151 CVE-2024-50195 CVE-2024-50199 CVE-2024-50210 CVE-2024-50275 CVE-2024-50290 CVE-2024-50299 CVE-2024-53063 CVE-2024-53095 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53121 CVE-2024-53124 CVE-2024-53127 CVE-2024-53129 CVE-2024-53135 CVE-2024-53138 CVE-2024-53141 CVE-2024-53144 CVE-2024-53148 CVE-2024-53151 CVE-2024-53166 CVE-2024-53169 CVE-2024-53171 CVE-2024-53173 CVE-2024-53174 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53208 CVE-2024-53209 CVE-2024-53215 CVE-2024-53217 CVE-2024-53224 CVE-2024-53226 CVE-2024-53227 CVE-2024-53229 CVE-2024-53239 CVE-2024-53690 CVE-2024-54680 CVE-2024-55916 CVE-2024-56171 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56539 CVE-2024-56548 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56567 CVE-2024-56588 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56605 CVE-2024-56623 CVE-2024-56629 CVE-2024-56631 CVE-2024-56642 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56650 CVE-2024-56651 CVE-2024-56658 CVE-2024-56661 CVE-2024-56664 CVE-2024-56678 CVE-2024-56681 CVE-2024-56698 CVE-2024-56701 CVE-2024-56704 CVE-2024-56722 CVE-2024-56737 CVE-2024-56739 CVE-2024-56745 CVE-2024-56747 CVE-2024-56754 CVE-2024-56756 CVE-2024-56759 CVE-2024-56765 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57798 CVE-2024-57849 CVE-2024-57850 CVE-2024-57876 CVE-2024-57893 CVE-2024-57897 CVE-2024-57948 CVE-2024-57996 CVE-2024-58013 CVE-2024-58014 CVE-2024-8176 CVE-2024-8805 CVE-2025-0395 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-0938 CVE-2025-1118 CVE-2025-1125 CVE-2025-1215 CVE-2025-21647 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21699 CVE-2025-21718 CVE-2025-21772 CVE-2025-21780 CVE-2025-22134 CVE-2025-22868 CVE-2025-22869 CVE-2025-2312 CVE-2025-24014 CVE-2025-24928 CVE-2025-2588 CVE-2025-26465 CVE-2025-27113 CVE-2025-27363 CVE-2025-27516 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3277 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20250512-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:577-1 Released: Tue Feb 18 13:51:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1216813,1223384,1225736,1226848,1226980,1228537,1228592,1230341,1230432,1230527,1230697,1231088,1231847,1232914,1233028,1233055,1233097,1233103,1233112,1233464,1233488,1233642,1233778,1234024,1234025,1234078,1234087,1234153,1234155,1234223,1234381,1234683,1234690,1234825,1234829,1234832,1234884,1234889,1234896,1234899,1234900,1234905,1234909,1234916,1234918,1234922,1234930,1234931,1234934,1234962,1234999,1235002,1235009,1235011,1235053,1235057,1235059,1235100,1235122,1235123,1235133,1235134,1235217,1235222,1235230,1235249,1235410,1235430,1235433,1235441,1235451,1235458,1235466,1235473,1235480,1235491,1235495,1235496,1235521,1235557,1235563,1235570,1235584,1235611,1235635,1235641,1235643,1235645,1235647,1235723,1235739,1235747,1235759,1235764,1235768,1235806,1235812,1235814,1235818,1235842,1235920,1235969,1236628,CVE-2024-26758,CVE-2024-26943,CVE-2024-36898,CVE-2024-38599,CVE-2024-41047,CVE-2024-45019,CVE-2024-46858,CVE-2024-50051,CVE-2024-50136,CVE-2024-50142,CVE -2024-50151,CVE-2024-50195,CVE-2024-50199,CVE-2024-50210,CVE-2024-50275,CVE-2024-50299,CVE-2024-53095,CVE-2024-53103,CVE-2024-53104,CVE-2024-53112,CVE-2024-53121,CVE-2024-53127,CVE-2024-53129,CVE-2024-53138,CVE-2024-53141,CVE-2024-53144,CVE-2024-53148,CVE-2024-53151,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53174,CVE-2024-53177,CVE-2024-53208,CVE-2024-53209,CVE-2024-53215,CVE-2024-53217,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53690,CVE-2024-54680,CVE-2024-55916,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56567,CVE-2024-56588,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56623,CVE-2024-56629,CVE-2024-56631,CVE-2024-56642,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56650,CVE-2024-56658,CVE-2024-56661,CVE-2024-56664,CVE-2024-56678,CVE-2024-56681,CVE-2024-56698,CVE-2024-56701,CVE-2024-56704,CVE-2024-56722,CVE-2024-56739,CVE-2024-56745,CVE-2024-5 6747,CVE-2024-56754,CVE-2024-56756,CVE-2024-56759,CVE-2024-56765,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57798,CVE-2024-57849,CVE-2024-57850,CVE-2024-57876,CVE-2024-57893,CVE-2024-57897,CVE-2024-8805 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). - CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969). The following non-security bugs were fixed: - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:587-1 Released: Wed Feb 19 08:29:17 2025 Summary: Security update for grub2 Type: security Severity: important References: 1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:605-1 Released: Thu Feb 20 15:42:48 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,CVE-2025-26465 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:677-1 Released: Mon Feb 24 11:59:00 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1228434,1236384,1236820,1236939,1236983 This update for libzypp, zypper fixes the following issues: - Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) - Drop zypp-CheckAccessDeleted in favor of 'zypper ps' - Fix Repoverification plugin not being executed - Refresh: Fetch the master index file before key and signature (bsc#1236820) - Deprecate RepoReports we do not trigger - Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939) - New system-architecture command (bsc#1236384) - Change versioncmp command to return exit code according to the comparison result ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:765-1 Released: Mon Mar 3 09:44:13 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:776-1 Released: Tue Mar 4 15:55:35 2025 Summary: Security update for docker Type: security Severity: moderate References: 1234089,1237335,CVE-2024-29018 This update for docker fixes the following issues: Update to Docker 27.5.1-ce (bsc#1237335): - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:829-1 Released: Tue Mar 11 08:36:43 2025 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1233137 This update for kdump fixes the following issue: - Fix filtering ReadOnly keys in kdump_bond_config (bsc#1233137). kdump fails to bring network due to bad bond config ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:833-1 Released: Tue Mar 11 11:53:19 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1208995,1220946,1225742,1232472,1232919,1233701,1233749,1234154,1234650,1234853,1234891,1234963,1235054,1235061,1235073,1235111,1236133,1236289,1236576,1236661,1236677,1236757,1236758,1236760,1236761,1236777,1236951,1237025,1237028,1237139,1237316,1237693,1238033,CVE-2022-49080,CVE-2023-1192,CVE-2023-52572,CVE-2024-50115,CVE-2024-53135,CVE-2024-53173,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56605,CVE-2024-57948,CVE-2025-21647,CVE-2025-21690,CVE-2025-21692,CVE-2025-21699 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576) - CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777). - iavf: fix the waiting time for initial reset (bsc#1235111). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111). - idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316). - ipv4/tcp: do not use per netns ctl sockets (bsc#1237693). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: introduce a function to check if a netdev name is in use (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: minor __dev_alloc_name() optimization (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - nfsd: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472). - rcu: Remove rcu_is_idle_cpu() (bsc#1236289). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289). - x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289). - x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289). - x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289). - x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289). - x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289). - x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289). - x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289). - x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289). - x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289). - x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (bsc#1236951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:838-1 Released: Tue Mar 11 13:11:21 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:934-1 Released: Wed Mar 19 11:08:10 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1237865 This update for grub2 fixes the following issues: - Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1004-1 Released: Tue Mar 25 09:42:38 2025 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1238879,CVE-2025-27516 This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1034-1 Released: Thu Mar 27 07:50:58 2025 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1235140 This update for python-azure-agent fixes the following issues: - Update to version 2.12.04 (bsc#1235140) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1062-1 Released: Mon Mar 31 10:45:08 2025 Summary: Security update for docker, docker-stable Type: security Severity: important References: 1237367,1239185,1239322,CVE-2024-23650,CVE-2024-29018,CVE-2024-41110,CVE-2025-22868,CVE-2025-22869 This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). Other fixes: - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1063-1 Released: Mon Mar 31 11:04:42 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issues: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1145-1 Released: Mon Apr 7 06:41:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1223330,1239663 This update for hwinfo fixes the following issues: - Avoid reporting of spurious usb storage devices (bsc#1223330) - Do not overdo usb device de-duplication (bsc#1239663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1191-1 Released: Thu Apr 10 06:57:45 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1241-1 Released: Mon Apr 14 12:37:06 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1180814,1183682,1190336,1190768,1190786,1193629,1194869,1194904,1195823,1196444,1197158,1197174,1197227,1197246,1197302,1197331,1197472,1197661,1197926,1198019,1198021,1198240,1198577,1198660,1199657,1200045,1200571,1200807,1200809,1200810,1200824,1200825,1200871,1200872,1201193,1201218,1201323,1201381,1201610,1202672,1202711,1202712,1202771,1202774,1202778,1202781,1203699,1203769,1204171,1205205,1205701,1206048,1206049,1206451,1207034,1207186,1207361,1207593,1207640,1207878,1209262,1209547,1209788,1209980,1210050,1210647,1211263,1213167,1218450,1221651,1225428,1225742,1229312,1231375,1231432,1231854,1232299,1232743,1233479,1233557,1233749,1234074,1234894,1234895,1234896,1235528,1235599,1235870,1237029,1237521,1237530,1237718,1237721,1237722,1237723,1237724,1237725,1237726,1237727,1237728,1237729,1237730,1237733,1237734,1237735,1237736,1237737,1237738,1237739,1237740,1237742,1237743,1237744,1237745,1237746,1237748,1237749,1237751,1237752,1237753,1237755,1237759,1 237761,1237763,1237766,1237767,1237768,1237774,1237775,1237778,1237779,1237780,1237782,1237783,1237784,1237785,1237786,1237787,1237788,1237789,1237790,1237792,1237794,1237795,1237797,1237798,1237799,1237807,1237808,1237809,1237810,1237812,1237813,1237814,1237815,1237816,1237817,1237818,1237820,1237821,1237823,1237824,1237826,1237827,1237829,1237831,1237835,1237836,1237837,1237839,1237840,1237845,1237846,1237868,1237872,1237892,1237903,1237904,1237916,1237918,1237922,1237925,1237926,1237927,1237928,1237929,1237931,1237932,1237933,1237937,1237940,1237941,1237942,1237946,1237951,1237952,1237954,1237955,1237957,1237958,1237959,1237960,1237961,1237962,1237963,1237965,1237966,1237967,1237968,1237969,1237970,1237971,1237972,1237973,1237975,1237976,1237978,1237979,1237980,1237982,1237983,1237984,1237986,1237987,1237990,1237992,1237996,1237997,1237998,1237999,1238000,1238003,1238004,1238005,1238006,1238007,1238009,1238010,1238011,1238012,1238013,1238014,1238016,1238017,1238018,1238019,123802 1,1238022,1238024,1238025,1238030,1238032,1238036,1238037,1238041,1238046,1238047,1238048,1238069,1238071,1238077,1238079,1238080,1238083,1238084,1238085,1238086,1238089,1238090,1238091,1238092,1238096,1238097,1238099,1238103,1238105,1238106,1238107,1238108,1238110,1238111,1238112,1238113,1238114,1238115,1238116,1238118,1238120,1238122,1238123,1238125,1238126,1238127,1238128,1238131,1238134,1238135,1238138,1238139,1238140,1238142,1238144,1238146,1238147,1238149,1238150,1238153,1238155,1238156,1238157,1238158,1238160,1238162,1238166,1238167,1238168,1238169,1238170,1238171,1238172,1238175,1238176,1238177,1238178,1238179,1238180,1238181,1238183,1238184,1238187,1238221,1238222,1238226,1238228,1238229,1238231,1238233,1238234,1238235,1238236,1238238,1238239,1238240,1238241,1238242,1238243,1238244,1238246,1238247,1238248,1238249,1238252,1238253,1238255,1238256,1238257,1238260,1238261,1238262,1238263,1238264,1238266,1238267,1238268,1238269,1238270,1238271,1238272,1238274,1238275,1238276,123 8277,1238278,1238279,1238281,1238282,1238283,1238284,1238285,1238286,1238287,1238288,1238289,1238291,1238292,1238293,1238295,1238298,1238300,1238301,1238302,1238306,1238307,1238308,1238309,1238311,1238313,1238326,1238327,1238328,1238329,1238331,1238333,1238334,1238335,1238336,1238337,1238338,1238339,1238341,1238343,1238344,1238345,1238372,1238373,1238374,1238376,1238377,1238378,1238381,1238382,1238383,1238385,1238386,1238387,1238388,1238389,1238390,1238391,1238392,1238393,1238394,1238395,1238396,1238397,1238398,1238400,1238401,1238410,1238411,1238413,1238415,1238416,1238417,1238418,1238419,1238420,1238422,1238423,1238424,1238428,1238429,1238430,1238431,1238432,1238433,1238434,1238435,1238436,1238437,1238440,1238441,1238442,1238443,1238444,1238445,1238447,1238453,1238454,1238458,1238459,1238462,1238463,1238465,1238467,1238469,1238533,1238536,1238538,1238539,1238540,1238542,1238543,1238546,1238551,1238552,1238556,1238557,1238599,1238600,1238601,1238602,1238605,1238612,1238613,1238615, 1238616,1238617,1238618,1238619,1238621,1238623,1238625,1238626,1238630,1238631,1238632,1238633,1238635,1238636,1238638,1238639,1238640,1238641,1238642,1238643,1238645,1238646,1238647,1238648,1238649,1238650,1238653,1238654,1238655,1238658,1238661,1238662,1238663,1238664,1238666,1238668,1238705,1238707,1238710,1238712,1238718,1238719,1238721,1238722,1238727,1238729,1238750,1238787,1238789,1238792,1238799,1238803,1238804,1238805,1238806,1238808,1238809,1238810,1238811,1238814,1238815,1238816,1238817,1238818,1238819,1238820,1238821,1238822,1238823,1238825,1238830,1238834,1238835,1238836,1238838,1238843,1238867,1238868,1238869,1238870,1238871,1238878,1238889,1238892,1238893,1238897,1238898,1238899,1238902,1238911,1238916,1238919,1238925,1238930,1238933,1238936,1238937,1238938,1238939,1238941,1238942,1238943,1238944,1238945,1238946,1238948,1238949,1238950,1238951,1238952,1238953,1238954,1238956,1238957,1239001,1239004,1239016,1239035,1239040,1239041,1239051,1239060,1239070,1239071,12390 73,1239076,1239095,1239109,1239115,1239126,1239452,1239454,1239968,1239969,1240133,1240205,1240207,1240208,1240210,1240212,1240213,1240218,1240220,1240227,1240229,1240231,1240242,1240245,1240247,1240250,1240254,1240256,1240264,1240266,1240272,1240275,1240276,1240278,1240279,1240280,1240281,1240282,1240283,1240284,1240286,1240288,1240290,1240292,1240293,1240297,1240304,1240308,1240309,1240317,1240318,1240322,CVE-2017-5753,CVE-2021-4453,CVE-2021-4454,CVE-2021-47517,CVE-2021-47631,CVE-2021-47632,CVE-2021-47633,CVE-2021-47635,CVE-2021-47636,CVE-2021-47637,CVE-2021-47638,CVE-2021-47639,CVE-2021-47641,CVE-2021-47642,CVE-2021-47643,CVE-2021-47644,CVE-2021-47645,CVE-2021-47646,CVE-2021-47647,CVE-2021-47648,CVE-2021-47649,CVE-2021-47650,CVE-2021-47651,CVE-2021-47652,CVE-2021-47653,CVE-2021-47654,CVE-2021-47656,CVE-2021-47657,CVE-2021-47659,CVE-2022-0168,CVE-2022-0995,CVE-2022-1016,CVE-2022-1048,CVE-2022-1184,CVE-2022-2977,CVE-2022-29900,CVE-2022-29901,CVE-2022-3303,CVE-2022-3435,CVE-2022-490 44,CVE-2022-49050,CVE-2022-49051,CVE-2022-49053,CVE-2022-49054,CVE-2022-49055,CVE-2022-49056,CVE-2022-49057,CVE-2022-49058,CVE-2022-49059,CVE-2022-49060,CVE-2022-49061,CVE-2022-49062,CVE-2022-49063,CVE-2022-49064,CVE-2022-49065,CVE-2022-49066,CVE-2022-49070,CVE-2022-49071,CVE-2022-49073,CVE-2022-49074,CVE-2022-49075,CVE-2022-49076,CVE-2022-49078,CVE-2022-49082,CVE-2022-49083,CVE-2022-49084,CVE-2022-49085,CVE-2022-49086,CVE-2022-49088,CVE-2022-49089,CVE-2022-49090,CVE-2022-49091,CVE-2022-49092,CVE-2022-49093,CVE-2022-49095,CVE-2022-49096,CVE-2022-49097,CVE-2022-49098,CVE-2022-49099,CVE-2022-49100,CVE-2022-49102,CVE-2022-49103,CVE-2022-49104,CVE-2022-49105,CVE-2022-49106,CVE-2022-49107,CVE-2022-49109,CVE-2022-49111,CVE-2022-49112,CVE-2022-49113,CVE-2022-49114,CVE-2022-49115,CVE-2022-49116,CVE-2022-49118,CVE-2022-49119,CVE-2022-49120,CVE-2022-49121,CVE-2022-49122,CVE-2022-49123,CVE-2022-49125,CVE-2022-49126,CVE-2022-49128,CVE-2022-49129,CVE-2022-49130,CVE-2022-49131,CVE-2022-49132,CVE- 2022-49133,CVE-2022-49134,CVE-2022-49135,CVE-2022-49136,CVE-2022-49137,CVE-2022-49138,CVE-2022-49139,CVE-2022-49144,CVE-2022-49145,CVE-2022-49147,CVE-2022-49148,CVE-2022-49151,CVE-2022-49153,CVE-2022-49154,CVE-2022-49155,CVE-2022-49156,CVE-2022-49157,CVE-2022-49158,CVE-2022-49159,CVE-2022-49160,CVE-2022-49162,CVE-2022-49163,CVE-2022-49164,CVE-2022-49165,CVE-2022-49174,CVE-2022-49175,CVE-2022-49176,CVE-2022-49177,CVE-2022-49178,CVE-2022-49179,CVE-2022-49180,CVE-2022-49182,CVE-2022-49183,CVE-2022-49185,CVE-2022-49187,CVE-2022-49188,CVE-2022-49189,CVE-2022-49192,CVE-2022-49193,CVE-2022-49194,CVE-2022-49196,CVE-2022-49199,CVE-2022-49200,CVE-2022-49201,CVE-2022-49202,CVE-2022-49203,CVE-2022-49204,CVE-2022-49205,CVE-2022-49206,CVE-2022-49207,CVE-2022-49208,CVE-2022-49209,CVE-2022-49212,CVE-2022-49213,CVE-2022-49214,CVE-2022-49215,CVE-2022-49216,CVE-2022-49217,CVE-2022-49218,CVE-2022-49219,CVE-2022-49221,CVE-2022-49222,CVE-2022-49224,CVE-2022-49225,CVE-2022-49226,CVE-2022-49227,CVE-2022-49 228,CVE-2022-49230,CVE-2022-49232,CVE-2022-49233,CVE-2022-49235,CVE-2022-49236,CVE-2022-49237,CVE-2022-49238,CVE-2022-49239,CVE-2022-49241,CVE-2022-49242,CVE-2022-49243,CVE-2022-49244,CVE-2022-49246,CVE-2022-49247,CVE-2022-49248,CVE-2022-49249,CVE-2022-49250,CVE-2022-49251,CVE-2022-49252,CVE-2022-49253,CVE-2022-49254,CVE-2022-49256,CVE-2022-49257,CVE-2022-49258,CVE-2022-49259,CVE-2022-49260,CVE-2022-49261,CVE-2022-49262,CVE-2022-49263,CVE-2022-49264,CVE-2022-49265,CVE-2022-49266,CVE-2022-49268,CVE-2022-49269,CVE-2022-49270,CVE-2022-49271,CVE-2022-49272,CVE-2022-49273,CVE-2022-49274,CVE-2022-49275,CVE-2022-49276,CVE-2022-49277,CVE-2022-49278,CVE-2022-49279,CVE-2022-49280,CVE-2022-49281,CVE-2022-49283,CVE-2022-49285,CVE-2022-49286,CVE-2022-49287,CVE-2022-49288,CVE-2022-49290,CVE-2022-49291,CVE-2022-49292,CVE-2022-49293,CVE-2022-49294,CVE-2022-49295,CVE-2022-49296,CVE-2022-49297,CVE-2022-49298,CVE-2022-49299,CVE-2022-49300,CVE-2022-49301,CVE-2022-49302,CVE-2022-49304,CVE-2022-49305,CVE -2022-49306,CVE-2022-49307,CVE-2022-49308,CVE-2022-49309,CVE-2022-49310,CVE-2022-49311,CVE-2022-49312,CVE-2022-49313,CVE-2022-49314,CVE-2022-49315,CVE-2022-49316,CVE-2022-49319,CVE-2022-49320,CVE-2022-49321,CVE-2022-49322,CVE-2022-49323,CVE-2022-49325,CVE-2022-49326,CVE-2022-49327,CVE-2022-49328,CVE-2022-49329,CVE-2022-49330,CVE-2022-49331,CVE-2022-49332,CVE-2022-49333,CVE-2022-49335,CVE-2022-49336,CVE-2022-49337,CVE-2022-49338,CVE-2022-49339,CVE-2022-49341,CVE-2022-49342,CVE-2022-49343,CVE-2022-49345,CVE-2022-49346,CVE-2022-49347,CVE-2022-49348,CVE-2022-49349,CVE-2022-49350,CVE-2022-49351,CVE-2022-49352,CVE-2022-49353,CVE-2022-49354,CVE-2022-49356,CVE-2022-49357,CVE-2022-49359,CVE-2022-49362,CVE-2022-49365,CVE-2022-49367,CVE-2022-49368,CVE-2022-49370,CVE-2022-49371,CVE-2022-49373,CVE-2022-49375,CVE-2022-49376,CVE-2022-49377,CVE-2022-49378,CVE-2022-49379,CVE-2022-49381,CVE-2022-49382,CVE-2022-49384,CVE-2022-49385,CVE-2022-49386,CVE-2022-49389,CVE-2022-49390,CVE-2022-49392,CVE-2022-4 9394,CVE-2022-49396,CVE-2022-49397,CVE-2022-49398,CVE-2022-49399,CVE-2022-49400,CVE-2022-49402,CVE-2022-49404,CVE-2022-49406,CVE-2022-49407,CVE-2022-49409,CVE-2022-49410,CVE-2022-49411,CVE-2022-49412,CVE-2022-49413,CVE-2022-49414,CVE-2022-49416,CVE-2022-49418,CVE-2022-49419,CVE-2022-49421,CVE-2022-49422,CVE-2022-49424,CVE-2022-49426,CVE-2022-49427,CVE-2022-49429,CVE-2022-49430,CVE-2022-49431,CVE-2022-49432,CVE-2022-49433,CVE-2022-49434,CVE-2022-49435,CVE-2022-49436,CVE-2022-49437,CVE-2022-49438,CVE-2022-49440,CVE-2022-49441,CVE-2022-49442,CVE-2022-49443,CVE-2022-49444,CVE-2022-49445,CVE-2022-49446,CVE-2022-49447,CVE-2022-49448,CVE-2022-49449,CVE-2022-49451,CVE-2022-49453,CVE-2022-49455,CVE-2022-49458,CVE-2022-49459,CVE-2022-49460,CVE-2022-49462,CVE-2022-49463,CVE-2022-49465,CVE-2022-49466,CVE-2022-49467,CVE-2022-49468,CVE-2022-49470,CVE-2022-49472,CVE-2022-49473,CVE-2022-49474,CVE-2022-49475,CVE-2022-49476,CVE-2022-49477,CVE-2022-49478,CVE-2022-49479,CVE-2022-49480,CVE-2022-49481,CV E-2022-49482,CVE-2022-49483,CVE-2022-49484,CVE-2022-49485,CVE-2022-49486,CVE-2022-49487,CVE-2022-49488,CVE-2022-49489,CVE-2022-49490,CVE-2022-49491,CVE-2022-49492,CVE-2022-49493,CVE-2022-49494,CVE-2022-49495,CVE-2022-49497,CVE-2022-49498,CVE-2022-49499,CVE-2022-49501,CVE-2022-49502,CVE-2022-49503,CVE-2022-49504,CVE-2022-49505,CVE-2022-49506,CVE-2022-49507,CVE-2022-49508,CVE-2022-49509,CVE-2022-49510,CVE-2022-49511,CVE-2022-49512,CVE-2022-49514,CVE-2022-49515,CVE-2022-49516,CVE-2022-49517,CVE-2022-49518,CVE-2022-49519,CVE-2022-49520,CVE-2022-49521,CVE-2022-49522,CVE-2022-49523,CVE-2022-49524,CVE-2022-49525,CVE-2022-49526,CVE-2022-49527,CVE-2022-49529,CVE-2022-49530,CVE-2022-49532,CVE-2022-49533,CVE-2022-49534,CVE-2022-49535,CVE-2022-49536,CVE-2022-49537,CVE-2022-49538,CVE-2022-49541,CVE-2022-49542,CVE-2022-49543,CVE-2022-49544,CVE-2022-49545,CVE-2022-49546,CVE-2022-49548,CVE-2022-49549,CVE-2022-49551,CVE-2022-49552,CVE-2022-49555,CVE-2022-49556,CVE-2022-49559,CVE-2022-49560,CVE-2022- 49562,CVE-2022-49563,CVE-2022-49564,CVE-2022-49565,CVE-2022-49566,CVE-2022-49568,CVE-2022-49569,CVE-2022-49570,CVE-2022-49579,CVE-2022-49581,CVE-2022-49583,CVE-2022-49584,CVE-2022-49591,CVE-2022-49592,CVE-2022-49603,CVE-2022-49605,CVE-2022-49606,CVE-2022-49607,CVE-2022-49609,CVE-2022-49610,CVE-2022-49611,CVE-2022-49613,CVE-2022-49615,CVE-2022-49616,CVE-2022-49617,CVE-2022-49618,CVE-2022-49621,CVE-2022-49623,CVE-2022-49624,CVE-2022-49625,CVE-2022-49626,CVE-2022-49627,CVE-2022-49628,CVE-2022-49631,CVE-2022-49634,CVE-2022-49635,CVE-2022-49638,CVE-2022-49640,CVE-2022-49641,CVE-2022-49642,CVE-2022-49643,CVE-2022-49644,CVE-2022-49645,CVE-2022-49646,CVE-2022-49647,CVE-2022-49648,CVE-2022-49649,CVE-2022-49650,CVE-2022-49652,CVE-2022-49653,CVE-2022-49655,CVE-2022-49656,CVE-2022-49657,CVE-2022-49658,CVE-2022-49661,CVE-2022-49663,CVE-2022-49665,CVE-2022-49667,CVE-2022-49668,CVE-2022-49670,CVE-2022-49671,CVE-2022-49672,CVE-2022-49673,CVE-2022-49674,CVE-2022-49675,CVE-2022-49676,CVE-2022-49677,C VE-2022-49678,CVE-2022-49679,CVE-2022-49680,CVE-2022-49683,CVE-2022-49685,CVE-2022-49686,CVE-2022-49687,CVE-2022-49688,CVE-2022-49693,CVE-2022-49694,CVE-2022-49695,CVE-2022-49697,CVE-2022-49699,CVE-2022-49700,CVE-2022-49701,CVE-2022-49703,CVE-2022-49704,CVE-2022-49705,CVE-2022-49707,CVE-2022-49708,CVE-2022-49710,CVE-2022-49711,CVE-2022-49712,CVE-2022-49713,CVE-2022-49714,CVE-2022-49715,CVE-2022-49716,CVE-2022-49719,CVE-2022-49720,CVE-2022-49721,CVE-2022-49722,CVE-2022-49723,CVE-2022-49724,CVE-2022-49725,CVE-2022-49726,CVE-2022-49729,CVE-2022-49730,CVE-2022-49731,CVE-2022-49732,CVE-2022-49733,CVE-2022-49739,CVE-2022-49746,CVE-2022-49748,CVE-2022-49751,CVE-2022-49753,CVE-2022-49755,CVE-2022-49759,CVE-2023-0179,CVE-2023-1652,CVE-2023-2162,CVE-2023-28410,CVE-2023-3567,CVE-2023-52930,CVE-2023-52933,CVE-2023-52935,CVE-2023-52939,CVE-2023-52941,CVE-2023-52973,CVE-2023-52974,CVE-2023-52975,CVE-2023-52976,CVE-2023-52979,CVE-2023-52983,CVE-2023-52984,CVE-2023-52988,CVE-2023-52989,CVE-2023-529 92,CVE-2023-52993,CVE-2023-53000,CVE-2023-53005,CVE-2023-53006,CVE-2023-53007,CVE-2023-53008,CVE-2023-53010,CVE-2023-53015,CVE-2023-53016,CVE-2023-53019,CVE-2023-53023,CVE-2023-53024,CVE-2023-53025,CVE-2023-53026,CVE-2023-53028,CVE-2023-53029,CVE-2023-53030,CVE-2023-53033,CVE-2024-26634,CVE-2024-47678,CVE-2024-50290,CVE-2024-53063,CVE-2024-53124,CVE-2024-53176,CVE-2024-53178,CVE-2024-56651,CVE-2024-57996,CVE-2024-58013,CVE-2024-58014,CVE-2025-21693,CVE-2025-21718,CVE-2025-21772,CVE-2025-21780 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239095). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - cifs: Add a laundromat thread for cached directories (git-fixes). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (git-fixes). - gfs2: Fix inode height consistency check (git-fixes). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Support holes in device list reply msg (bsc#1240133). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: disable directory caching when dir_cache_timeout is zero (git-fixes). - smb: client: do not start laundromat thread on nohandlecache (git-fixes). - smb: client: make laundromat a delayed worker (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes). - smb3: do not start laundromat thread when dir leases disabled (git-fixes). - smb3: retrying on failed server close (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1345-1 Released: Thu Apr 17 17:14:27 2025 Summary: Security update for containerd Type: security Severity: moderate References: 1239749,CVE-2024-40635 This update for containerd fixes the following issues: - CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) Other fixes: - Update to containerd v1.7.27. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1354-1 Released: Tue Apr 22 05:14:53 2025 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1234383 This update for iproute2 fixes the following issues: - Avoid false cgroup warnings (bsc#1234383) ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1371-1 Released: Fri Apr 25 12:02:27 2025 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1232234,1234452 This update for apparmor fixes the following issues: - Allow pam_unix to execute unix_chkpwd with abi/3.0 (bsc#1234452, bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1381-1 Released: Mon Apr 28 09:37:03 2025 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1239680,CVE-2025-2312 This update for cifs-utils fixes the following issues: - CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials (bsc#1239680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1446-1 Released: Mon May 5 08:04:03 2025 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1216938 This update for lvm2 fixes the following issues: - LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938) * set lvm.conf devices.multipath_wwids_file='' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Wed May 7 17:13:32 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1512-1 Released: Wed May 7 21:36:27 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1241678,CVE-2024-10041 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - apparmor-abstractions-3.0.4-150500.11.18.1 updated - apparmor-parser-3.0.4-150500.11.18.1 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - cifs-utils-6.15-150400.3.12.1 updated - containerd-ctr-1.7.27-150000.123.1 updated - containerd-1.7.27-150000.123.1 updated - docker-27.5.1_ce-150000.218.1 updated - findutils-4.8.0-150300.3.3.2 updated - glibc-locale-base-2.31-150300.92.1 updated - glibc-locale-2.31-150300.92.1 updated - glibc-2.31-150300.92.1 updated - grub2-i386-pc-2.06-150500.29.46.2 updated - grub2-x86_64-efi-2.06-150500.29.46.2 updated - grub2-2.06-150500.29.46.2 updated - hwinfo-21.87-150500.3.6.1 updated - iproute2-5.14-150400.3.3.1 updated - kdump-1.0.2+git48.g64445e1-150500.3.9.2 updated - kernel-default-5.14.21-150500.55.100.1 updated - libapparmor1-3.0.4-150500.11.18.1 updated - libaugeas0-1.12.0-150400.3.8.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.15.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - libfreetype6-2.10.4-150000.4.22.1 updated - libgnutls30-3.7.3-150400.4.47.1 updated - libprocps8-3.3.17-150000.7.42.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libxml2-2-2.10.3-150500.5.26.1 updated - libzypp-17.36.3-150500.6.42.1 updated - openssh-clients-8.4p1-150300.3.42.1 updated - openssh-common-8.4p1-150300.3.42.1 updated - openssh-server-8.4p1-150300.3.42.1 updated - openssh-8.4p1-150300.3.42.1 updated - pam-1.3.0-150000.6.76.1 updated - procps-3.3.17-150000.7.42.1 updated - python-azure-agent-config-server-2.12.0.4-150100.3.47.1 updated - python-azure-agent-2.12.0.4-150100.3.47.1 updated - python3-Jinja2-2.10.1-150000.3.21.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - supportutils-3.2.10-150300.7.35.36.4 updated - suse-build-key-12.0-150000.8.58.1 updated - timezone-2025b-150000.75.34.2 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - vim-9.1.1176-150500.20.24.2 updated - zypper-1.14.85-150500.6.26.1 updated - libxslt1-1.1.34-150400.3.3.1 removed - python-instance-billing-flavor-check-0.1.2-150000.1.17.1 removed - python3-cssselect-1.0.3-150400.3.7.4 removed - python3-lxml-4.9.1-150500.3.4.3 removed From sle-container-updates at lists.suse.com Wed May 14 07:02:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 May 2025 09:02:51 +0200 (CEST) Subject: SUSE-IU-2025:1325-1: Security update of suse-sles-15-sp5-chost-byos-v20250512-hvm-ssd-x86_64 Message-ID: <20250514070251.60822FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20250512-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1325-1 Image Tags : suse-sles-15-sp5-chost-byos-v20250512-hvm-ssd-x86_64:20250512 Image Release : Severity : important Type : security References : 1065729 1180814 1183663 1183682 1189788 1190336 1190768 1190786 1193173 1193629 1194869 1194869 1194904 1195823 1196444 1197158 1197174 1197227 1197246 1197302 1197331 1197472 1197661 1197926 1198019 1198021 1198240 1198577 1198660 1199657 1200045 1200571 1200807 1200809 1200810 1200824 1200825 1200871 1200872 1201193 1201218 1201323 1201381 1201610 1202672 1202711 1202712 1202771 1202774 1202778 1202781 1203699 1203769 1204171 1205205 1205701 1206048 1206049 1206451 1207034 1207186 1207361 1207593 1207640 1207878 1208995 1209262 1209547 1209788 1209980 1210050 1210647 1211263 1211547 1213167 1213291 1214290 1214713 1216049 1216091 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216813 1216827 1216938 1217287 1218201 1218282 1218324 1218450 1218812 1218814 1219241 1219639 1220946 1221651 1222021 1222650 1222896 1223330 1223384 1225428 1225736 1225742 1225742 1226848 1226980 1227127 1228265 1228434 1228537 1228592 1229312 1229685 1229822 1230078 1230341 1230371 1230432 1230527 1230697 1231088 1231375 1231396 1231423 1231432 1231472 1231838 1231847 1231854 1232234 1232234 1232299 1232472 1232743 1232914 1232919 1233028 1233055 1233097 1233103 1233112 1233137 1233307 1233464 1233479 1233488 1233557 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1233642 1233701 1233726 1233749 1233749 1233778 1234024 1234025 1234074 1234078 1234087 1234089 1234153 1234154 1234155 1234223 1234381 1234383 1234452 1234452 1234650 1234683 1234690 1234798 1234825 1234829 1234832 1234853 1234884 1234889 1234891 1234894 1234895 1234896 1234896 1234899 1234900 1234905 1234909 1234916 1234918 1234922 1234930 1234931 1234934 1234958 1234962 1234963 1234999 1235002 1235009 1235011 1235053 1235054 1235057 1235059 1235061 1235073 1235100 1235111 1235122 1235123 1235133 1235134 1235217 1235222 1235230 1235249 1235410 1235430 1235433 1235441 1235451 1235458 1235466 1235473 1235480 1235481 1235491 1235495 1235496 1235521 1235528 1235557 1235563 1235570 1235584 1235599 1235611 1235635 1235641 1235643 1235645 1235647 1235695 1235723 1235739 1235747 1235751 1235759 1235764 1235768 1235806 1235812 1235814 1235818 1235842 1235870 1235920 1235969 1236033 1236133 1236151 1236282 1236289 1236316 1236317 1236384 1236481 1236576 1236628 1236661 1236677 1236705 1236757 1236758 1236760 1236761 1236777 1236779 1236820 1236842 1236878 1236939 1236951 1236974 1236983 1237002 1237006 1237008 1237009 1237010 1237011 1237012 1237013 1237014 1237025 1237028 1237029 1237040 1237044 1237137 1237139 1237294 1237316 1237335 1237363 1237367 1237370 1237418 1237521 1237530 1237693 1237718 1237721 1237722 1237723 1237724 1237725 1237726 1237727 1237728 1237729 1237730 1237733 1237734 1237735 1237736 1237737 1237738 1237739 1237740 1237742 1237743 1237744 1237745 1237746 1237748 1237749 1237751 1237752 1237753 1237755 1237759 1237761 1237763 1237766 1237767 1237768 1237774 1237775 1237778 1237779 1237780 1237782 1237783 1237784 1237785 1237786 1237787 1237788 1237789 1237790 1237792 1237794 1237795 1237797 1237798 1237799 1237807 1237808 1237809 1237810 1237812 1237813 1237814 1237815 1237816 1237817 1237818 1237820 1237821 1237823 1237824 1237826 1237827 1237829 1237831 1237835 1237836 1237837 1237839 1237840 1237845 1237846 1237865 1237868 1237872 1237892 1237903 1237904 1237916 1237918 1237922 1237925 1237926 1237927 1237928 1237929 1237931 1237932 1237933 1237937 1237940 1237941 1237942 1237946 1237951 1237952 1237954 1237955 1237957 1237958 1237959 1237960 1237961 1237962 1237963 1237965 1237966 1237967 1237968 1237969 1237970 1237971 1237972 1237973 1237975 1237976 1237978 1237979 1237980 1237982 1237983 1237984 1237986 1237987 1237990 1237992 1237996 1237997 1237998 1237999 1238000 1238003 1238004 1238005 1238006 1238007 1238009 1238010 1238011 1238012 1238013 1238014 1238016 1238017 1238018 1238019 1238021 1238022 1238024 1238025 1238030 1238032 1238033 1238036 1238037 1238041 1238046 1238047 1238048 1238069 1238071 1238077 1238079 1238080 1238083 1238084 1238085 1238086 1238089 1238090 1238091 1238092 1238096 1238097 1238099 1238103 1238105 1238106 1238107 1238108 1238110 1238111 1238112 1238113 1238114 1238115 1238116 1238118 1238120 1238122 1238123 1238125 1238126 1238127 1238128 1238131 1238134 1238135 1238138 1238139 1238140 1238142 1238144 1238146 1238147 1238149 1238150 1238153 1238155 1238156 1238157 1238158 1238160 1238162 1238166 1238167 1238168 1238169 1238170 1238171 1238172 1238175 1238176 1238177 1238178 1238179 1238180 1238181 1238183 1238184 1238187 1238221 1238222 1238226 1238228 1238229 1238231 1238233 1238234 1238235 1238236 1238238 1238239 1238240 1238241 1238242 1238243 1238244 1238246 1238247 1238248 1238249 1238252 1238253 1238255 1238256 1238257 1238260 1238261 1238262 1238263 1238264 1238266 1238267 1238268 1238269 1238270 1238271 1238272 1238274 1238275 1238276 1238277 1238278 1238279 1238281 1238282 1238283 1238284 1238285 1238286 1238287 1238288 1238289 1238291 1238292 1238293 1238295 1238298 1238300 1238301 1238302 1238306 1238307 1238308 1238309 1238311 1238313 1238326 1238327 1238328 1238329 1238331 1238333 1238334 1238335 1238336 1238337 1238338 1238339 1238341 1238343 1238344 1238345 1238372 1238373 1238374 1238376 1238377 1238378 1238381 1238382 1238383 1238385 1238386 1238387 1238388 1238389 1238390 1238391 1238392 1238393 1238394 1238395 1238396 1238397 1238398 1238400 1238401 1238410 1238411 1238413 1238415 1238416 1238417 1238418 1238419 1238420 1238422 1238423 1238424 1238428 1238429 1238430 1238431 1238432 1238433 1238434 1238435 1238436 1238437 1238440 1238441 1238442 1238443 1238444 1238445 1238447 1238453 1238454 1238458 1238459 1238462 1238463 1238465 1238467 1238469 1238533 1238536 1238538 1238539 1238540 1238542 1238543 1238546 1238551 1238552 1238556 1238557 1238599 1238600 1238601 1238602 1238605 1238612 1238613 1238615 1238616 1238617 1238618 1238619 1238621 1238623 1238625 1238626 1238630 1238631 1238632 1238633 1238635 1238636 1238638 1238639 1238640 1238641 1238642 1238643 1238645 1238646 1238647 1238648 1238649 1238650 1238653 1238654 1238655 1238658 1238661 1238662 1238663 1238664 1238666 1238668 1238705 1238707 1238710 1238712 1238718 1238719 1238721 1238722 1238727 1238729 1238750 1238787 1238789 1238792 1238799 1238803 1238804 1238805 1238806 1238808 1238809 1238810 1238811 1238814 1238815 1238816 1238817 1238818 1238819 1238820 1238821 1238822 1238823 1238825 1238830 1238834 1238835 1238836 1238838 1238843 1238867 1238868 1238869 1238870 1238871 1238878 1238879 1238889 1238892 1238893 1238897 1238898 1238899 1238902 1238911 1238916 1238919 1238925 1238930 1238933 1238936 1238937 1238938 1238939 1238941 1238942 1238943 1238944 1238945 1238946 1238948 1238949 1238950 1238951 1238952 1238953 1238954 1238956 1238957 1239001 1239004 1239016 1239035 1239040 1239041 1239051 1239060 1239070 1239071 1239073 1239076 1239095 1239109 1239115 1239126 1239185 1239322 1239452 1239454 1239465 1239618 1239663 1239680 1239749 1239909 1239968 1239969 1240009 1240133 1240205 1240207 1240208 1240210 1240212 1240213 1240218 1240220 1240227 1240229 1240231 1240242 1240245 1240247 1240250 1240254 1240256 1240264 1240266 1240272 1240275 1240276 1240278 1240279 1240280 1240281 1240282 1240283 1240284 1240286 1240288 1240290 1240292 1240293 1240297 1240304 1240308 1240309 1240317 1240318 1240322 1240343 1240343 1241020 1241078 1241189 1241453 1241551 1241678 CVE-2017-5753 CVE-2021-4453 CVE-2021-4454 CVE-2021-47517 CVE-2021-47631 CVE-2021-47632 CVE-2021-47633 CVE-2021-47635 CVE-2021-47636 CVE-2021-47637 CVE-2021-47638 CVE-2021-47639 CVE-2021-47641 CVE-2021-47642 CVE-2021-47643 CVE-2021-47644 CVE-2021-47645 CVE-2021-47646 CVE-2021-47647 CVE-2021-47648 CVE-2021-47649 CVE-2021-47650 CVE-2021-47651 CVE-2021-47652 CVE-2021-47653 CVE-2021-47654 CVE-2021-47656 CVE-2021-47657 CVE-2021-47659 CVE-2022-0168 CVE-2022-0995 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-2977 CVE-2022-29900 CVE-2022-29901 CVE-2022-3303 CVE-2022-3435 CVE-2022-49044 CVE-2022-49050 CVE-2022-49051 CVE-2022-49053 CVE-2022-49054 CVE-2022-49055 CVE-2022-49056 CVE-2022-49057 CVE-2022-49058 CVE-2022-49059 CVE-2022-49060 CVE-2022-49061 CVE-2022-49062 CVE-2022-49063 CVE-2022-49064 CVE-2022-49065 CVE-2022-49066 CVE-2022-49070 CVE-2022-49071 CVE-2022-49073 CVE-2022-49074 CVE-2022-49075 CVE-2022-49076 CVE-2022-49078 CVE-2022-49080 CVE-2022-49082 CVE-2022-49083 CVE-2022-49084 CVE-2022-49085 CVE-2022-49086 CVE-2022-49088 CVE-2022-49089 CVE-2022-49090 CVE-2022-49091 CVE-2022-49092 CVE-2022-49093 CVE-2022-49095 CVE-2022-49096 CVE-2022-49097 CVE-2022-49098 CVE-2022-49099 CVE-2022-49100 CVE-2022-49102 CVE-2022-49103 CVE-2022-49104 CVE-2022-49105 CVE-2022-49106 CVE-2022-49107 CVE-2022-49109 CVE-2022-49111 CVE-2022-49112 CVE-2022-49113 CVE-2022-49114 CVE-2022-49115 CVE-2022-49116 CVE-2022-49118 CVE-2022-49119 CVE-2022-49120 CVE-2022-49121 CVE-2022-49122 CVE-2022-49123 CVE-2022-49125 CVE-2022-49126 CVE-2022-49128 CVE-2022-49129 CVE-2022-49130 CVE-2022-49131 CVE-2022-49132 CVE-2022-49133 CVE-2022-49134 CVE-2022-49135 CVE-2022-49136 CVE-2022-49137 CVE-2022-49138 CVE-2022-49139 CVE-2022-49144 CVE-2022-49145 CVE-2022-49147 CVE-2022-49148 CVE-2022-49151 CVE-2022-49153 CVE-2022-49154 CVE-2022-49155 CVE-2022-49156 CVE-2022-49157 CVE-2022-49158 CVE-2022-49159 CVE-2022-49160 CVE-2022-49162 CVE-2022-49163 CVE-2022-49164 CVE-2022-49165 CVE-2022-49174 CVE-2022-49175 CVE-2022-49176 CVE-2022-49177 CVE-2022-49178 CVE-2022-49179 CVE-2022-49180 CVE-2022-49182 CVE-2022-49183 CVE-2022-49185 CVE-2022-49187 CVE-2022-49188 CVE-2022-49189 CVE-2022-49192 CVE-2022-49193 CVE-2022-49194 CVE-2022-49196 CVE-2022-49199 CVE-2022-49200 CVE-2022-49201 CVE-2022-49202 CVE-2022-49203 CVE-2022-49204 CVE-2022-49205 CVE-2022-49206 CVE-2022-49207 CVE-2022-49208 CVE-2022-49209 CVE-2022-49212 CVE-2022-49213 CVE-2022-49214 CVE-2022-49215 CVE-2022-49216 CVE-2022-49217 CVE-2022-49218 CVE-2022-49219 CVE-2022-49221 CVE-2022-49222 CVE-2022-49224 CVE-2022-49225 CVE-2022-49226 CVE-2022-49227 CVE-2022-49228 CVE-2022-49230 CVE-2022-49232 CVE-2022-49233 CVE-2022-49235 CVE-2022-49236 CVE-2022-49237 CVE-2022-49238 CVE-2022-49239 CVE-2022-49241 CVE-2022-49242 CVE-2022-49243 CVE-2022-49244 CVE-2022-49246 CVE-2022-49247 CVE-2022-49248 CVE-2022-49249 CVE-2022-49250 CVE-2022-49251 CVE-2022-49252 CVE-2022-49253 CVE-2022-49254 CVE-2022-49256 CVE-2022-49257 CVE-2022-49258 CVE-2022-49259 CVE-2022-49260 CVE-2022-49261 CVE-2022-49262 CVE-2022-49263 CVE-2022-49264 CVE-2022-49265 CVE-2022-49266 CVE-2022-49268 CVE-2022-49269 CVE-2022-49270 CVE-2022-49271 CVE-2022-49272 CVE-2022-49273 CVE-2022-49274 CVE-2022-49275 CVE-2022-49276 CVE-2022-49277 CVE-2022-49278 CVE-2022-49279 CVE-2022-49280 CVE-2022-49281 CVE-2022-49283 CVE-2022-49285 CVE-2022-49286 CVE-2022-49287 CVE-2022-49288 CVE-2022-49290 CVE-2022-49291 CVE-2022-49292 CVE-2022-49293 CVE-2022-49294 CVE-2022-49295 CVE-2022-49296 CVE-2022-49297 CVE-2022-49298 CVE-2022-49299 CVE-2022-49300 CVE-2022-49301 CVE-2022-49302 CVE-2022-49304 CVE-2022-49305 CVE-2022-49306 CVE-2022-49307 CVE-2022-49308 CVE-2022-49309 CVE-2022-49310 CVE-2022-49311 CVE-2022-49312 CVE-2022-49313 CVE-2022-49314 CVE-2022-49315 CVE-2022-49316 CVE-2022-49319 CVE-2022-49320 CVE-2022-49321 CVE-2022-49322 CVE-2022-49323 CVE-2022-49325 CVE-2022-49326 CVE-2022-49327 CVE-2022-49328 CVE-2022-49329 CVE-2022-49330 CVE-2022-49331 CVE-2022-49332 CVE-2022-49333 CVE-2022-49335 CVE-2022-49336 CVE-2022-49337 CVE-2022-49338 CVE-2022-49339 CVE-2022-49341 CVE-2022-49342 CVE-2022-49343 CVE-2022-49345 CVE-2022-49346 CVE-2022-49347 CVE-2022-49348 CVE-2022-49349 CVE-2022-49350 CVE-2022-49351 CVE-2022-49352 CVE-2022-49353 CVE-2022-49354 CVE-2022-49356 CVE-2022-49357 CVE-2022-49359 CVE-2022-49362 CVE-2022-49365 CVE-2022-49367 CVE-2022-49368 CVE-2022-49370 CVE-2022-49371 CVE-2022-49373 CVE-2022-49375 CVE-2022-49376 CVE-2022-49377 CVE-2022-49378 CVE-2022-49379 CVE-2022-49381 CVE-2022-49382 CVE-2022-49384 CVE-2022-49385 CVE-2022-49386 CVE-2022-49389 CVE-2022-49390 CVE-2022-49392 CVE-2022-49394 CVE-2022-49396 CVE-2022-49397 CVE-2022-49398 CVE-2022-49399 CVE-2022-49400 CVE-2022-49402 CVE-2022-49404 CVE-2022-49406 CVE-2022-49407 CVE-2022-49409 CVE-2022-49410 CVE-2022-49411 CVE-2022-49412 CVE-2022-49413 CVE-2022-49414 CVE-2022-49416 CVE-2022-49418 CVE-2022-49419 CVE-2022-49421 CVE-2022-49422 CVE-2022-49424 CVE-2022-49426 CVE-2022-49427 CVE-2022-49429 CVE-2022-49430 CVE-2022-49431 CVE-2022-49432 CVE-2022-49433 CVE-2022-49434 CVE-2022-49435 CVE-2022-49436 CVE-2022-49437 CVE-2022-49438 CVE-2022-49440 CVE-2022-49441 CVE-2022-49442 CVE-2022-49443 CVE-2022-49444 CVE-2022-49445 CVE-2022-49446 CVE-2022-49447 CVE-2022-49448 CVE-2022-49449 CVE-2022-49451 CVE-2022-49453 CVE-2022-49455 CVE-2022-49458 CVE-2022-49459 CVE-2022-49460 CVE-2022-49462 CVE-2022-49463 CVE-2022-49465 CVE-2022-49466 CVE-2022-49467 CVE-2022-49468 CVE-2022-49470 CVE-2022-49472 CVE-2022-49473 CVE-2022-49474 CVE-2022-49475 CVE-2022-49476 CVE-2022-49477 CVE-2022-49478 CVE-2022-49479 CVE-2022-49480 CVE-2022-49481 CVE-2022-49482 CVE-2022-49483 CVE-2022-49484 CVE-2022-49485 CVE-2022-49486 CVE-2022-49487 CVE-2022-49488 CVE-2022-49489 CVE-2022-49490 CVE-2022-49491 CVE-2022-49492 CVE-2022-49493 CVE-2022-49494 CVE-2022-49495 CVE-2022-49497 CVE-2022-49498 CVE-2022-49499 CVE-2022-49501 CVE-2022-49502 CVE-2022-49503 CVE-2022-49504 CVE-2022-49505 CVE-2022-49506 CVE-2022-49507 CVE-2022-49508 CVE-2022-49509 CVE-2022-49510 CVE-2022-49511 CVE-2022-49512 CVE-2022-49514 CVE-2022-49515 CVE-2022-49516 CVE-2022-49517 CVE-2022-49518 CVE-2022-49519 CVE-2022-49520 CVE-2022-49521 CVE-2022-49522 CVE-2022-49523 CVE-2022-49524 CVE-2022-49525 CVE-2022-49526 CVE-2022-49527 CVE-2022-49529 CVE-2022-49530 CVE-2022-49532 CVE-2022-49533 CVE-2022-49534 CVE-2022-49535 CVE-2022-49536 CVE-2022-49537 CVE-2022-49538 CVE-2022-49541 CVE-2022-49542 CVE-2022-49543 CVE-2022-49544 CVE-2022-49545 CVE-2022-49546 CVE-2022-49548 CVE-2022-49549 CVE-2022-49551 CVE-2022-49552 CVE-2022-49555 CVE-2022-49556 CVE-2022-49559 CVE-2022-49560 CVE-2022-49562 CVE-2022-49563 CVE-2022-49564 CVE-2022-49565 CVE-2022-49566 CVE-2022-49568 CVE-2022-49569 CVE-2022-49570 CVE-2022-49579 CVE-2022-49581 CVE-2022-49583 CVE-2022-49584 CVE-2022-49591 CVE-2022-49592 CVE-2022-49603 CVE-2022-49605 CVE-2022-49606 CVE-2022-49607 CVE-2022-49609 CVE-2022-49610 CVE-2022-49611 CVE-2022-49613 CVE-2022-49615 CVE-2022-49616 CVE-2022-49617 CVE-2022-49618 CVE-2022-49621 CVE-2022-49623 CVE-2022-49624 CVE-2022-49625 CVE-2022-49626 CVE-2022-49627 CVE-2022-49628 CVE-2022-49631 CVE-2022-49634 CVE-2022-49635 CVE-2022-49638 CVE-2022-49640 CVE-2022-49641 CVE-2022-49642 CVE-2022-49643 CVE-2022-49644 CVE-2022-49645 CVE-2022-49646 CVE-2022-49647 CVE-2022-49648 CVE-2022-49649 CVE-2022-49650 CVE-2022-49652 CVE-2022-49653 CVE-2022-49655 CVE-2022-49656 CVE-2022-49657 CVE-2022-49658 CVE-2022-49661 CVE-2022-49663 CVE-2022-49665 CVE-2022-49667 CVE-2022-49668 CVE-2022-49670 CVE-2022-49671 CVE-2022-49672 CVE-2022-49673 CVE-2022-49674 CVE-2022-49675 CVE-2022-49676 CVE-2022-49677 CVE-2022-49678 CVE-2022-49679 CVE-2022-49680 CVE-2022-49683 CVE-2022-49685 CVE-2022-49686 CVE-2022-49687 CVE-2022-49688 CVE-2022-49693 CVE-2022-49694 CVE-2022-49695 CVE-2022-49697 CVE-2022-49699 CVE-2022-49700 CVE-2022-49701 CVE-2022-49703 CVE-2022-49704 CVE-2022-49705 CVE-2022-49707 CVE-2022-49708 CVE-2022-49710 CVE-2022-49711 CVE-2022-49712 CVE-2022-49713 CVE-2022-49714 CVE-2022-49715 CVE-2022-49716 CVE-2022-49719 CVE-2022-49720 CVE-2022-49721 CVE-2022-49722 CVE-2022-49723 CVE-2022-49724 CVE-2022-49725 CVE-2022-49726 CVE-2022-49729 CVE-2022-49730 CVE-2022-49731 CVE-2022-49732 CVE-2022-49733 CVE-2022-49739 CVE-2022-49746 CVE-2022-49748 CVE-2022-49751 CVE-2022-49753 CVE-2022-49755 CVE-2022-49759 CVE-2023-0179 CVE-2023-1192 CVE-2023-1652 CVE-2023-2162 CVE-2023-28410 CVE-2023-3567 CVE-2023-4016 CVE-2023-52572 CVE-2023-52930 CVE-2023-52933 CVE-2023-52935 CVE-2023-52939 CVE-2023-52941 CVE-2023-52973 CVE-2023-52974 CVE-2023-52975 CVE-2023-52976 CVE-2023-52979 CVE-2023-52983 CVE-2023-52984 CVE-2023-52988 CVE-2023-52989 CVE-2023-52992 CVE-2023-52993 CVE-2023-53000 CVE-2023-53005 CVE-2023-53006 CVE-2023-53007 CVE-2023-53008 CVE-2023-53010 CVE-2023-53015 CVE-2023-53016 CVE-2023-53019 CVE-2023-53023 CVE-2023-53024 CVE-2023-53025 CVE-2023-53026 CVE-2023-53028 CVE-2023-53029 CVE-2023-53030 CVE-2023-53033 CVE-2024-10041 CVE-2024-10041 CVE-2024-11168 CVE-2024-12133 CVE-2024-12243 CVE-2024-23650 CVE-2024-26634 CVE-2024-26758 CVE-2024-26943 CVE-2024-29018 CVE-2024-29018 CVE-2024-36898 CVE-2024-38599 CVE-2024-40635 CVE-2024-41047 CVE-2024-41110 CVE-2024-43790 CVE-2024-43802 CVE-2024-45019 CVE-2024-45306 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-46858 CVE-2024-47678 CVE-2024-50051 CVE-2024-50115 CVE-2024-50136 CVE-2024-50142 CVE-2024-50151 CVE-2024-50195 CVE-2024-50199 CVE-2024-50210 CVE-2024-50275 CVE-2024-50290 CVE-2024-50299 CVE-2024-53063 CVE-2024-53095 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53121 CVE-2024-53124 CVE-2024-53127 CVE-2024-53129 CVE-2024-53135 CVE-2024-53138 CVE-2024-53141 CVE-2024-53144 CVE-2024-53148 CVE-2024-53151 CVE-2024-53166 CVE-2024-53169 CVE-2024-53171 CVE-2024-53173 CVE-2024-53174 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53208 CVE-2024-53209 CVE-2024-53215 CVE-2024-53217 CVE-2024-53224 CVE-2024-53226 CVE-2024-53227 CVE-2024-53229 CVE-2024-53239 CVE-2024-53690 CVE-2024-54680 CVE-2024-55916 CVE-2024-56171 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56539 CVE-2024-56548 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56567 CVE-2024-56588 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56605 CVE-2024-56623 CVE-2024-56629 CVE-2024-56631 CVE-2024-56642 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56650 CVE-2024-56651 CVE-2024-56658 CVE-2024-56661 CVE-2024-56664 CVE-2024-56678 CVE-2024-56681 CVE-2024-56698 CVE-2024-56701 CVE-2024-56704 CVE-2024-56722 CVE-2024-56737 CVE-2024-56739 CVE-2024-56745 CVE-2024-56747 CVE-2024-56754 CVE-2024-56756 CVE-2024-56759 CVE-2024-56765 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57798 CVE-2024-57849 CVE-2024-57850 CVE-2024-57876 CVE-2024-57893 CVE-2024-57897 CVE-2024-57948 CVE-2024-57996 CVE-2024-58013 CVE-2024-58014 CVE-2024-8176 CVE-2024-8805 CVE-2025-0395 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-0938 CVE-2025-1118 CVE-2025-1125 CVE-2025-1215 CVE-2025-21647 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21699 CVE-2025-21718 CVE-2025-21772 CVE-2025-21780 CVE-2025-22134 CVE-2025-22868 CVE-2025-22869 CVE-2025-2312 CVE-2025-24014 CVE-2025-24928 CVE-2025-2588 CVE-2025-26465 CVE-2025-27113 CVE-2025-27363 CVE-2025-27516 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3277 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20250512-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:577-1 Released: Tue Feb 18 13:51:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1216813,1223384,1225736,1226848,1226980,1228537,1228592,1230341,1230432,1230527,1230697,1231088,1231847,1232914,1233028,1233055,1233097,1233103,1233112,1233464,1233488,1233642,1233778,1234024,1234025,1234078,1234087,1234153,1234155,1234223,1234381,1234683,1234690,1234825,1234829,1234832,1234884,1234889,1234896,1234899,1234900,1234905,1234909,1234916,1234918,1234922,1234930,1234931,1234934,1234962,1234999,1235002,1235009,1235011,1235053,1235057,1235059,1235100,1235122,1235123,1235133,1235134,1235217,1235222,1235230,1235249,1235410,1235430,1235433,1235441,1235451,1235458,1235466,1235473,1235480,1235491,1235495,1235496,1235521,1235557,1235563,1235570,1235584,1235611,1235635,1235641,1235643,1235645,1235647,1235723,1235739,1235747,1235759,1235764,1235768,1235806,1235812,1235814,1235818,1235842,1235920,1235969,1236628,CVE-2024-26758,CVE-2024-26943,CVE-2024-36898,CVE-2024-38599,CVE-2024-41047,CVE-2024-45019,CVE-2024-46858,CVE-2024-50051,CVE-2024-50136,CVE-2024-50142,CVE -2024-50151,CVE-2024-50195,CVE-2024-50199,CVE-2024-50210,CVE-2024-50275,CVE-2024-50299,CVE-2024-53095,CVE-2024-53103,CVE-2024-53104,CVE-2024-53112,CVE-2024-53121,CVE-2024-53127,CVE-2024-53129,CVE-2024-53138,CVE-2024-53141,CVE-2024-53144,CVE-2024-53148,CVE-2024-53151,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53174,CVE-2024-53177,CVE-2024-53208,CVE-2024-53209,CVE-2024-53215,CVE-2024-53217,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53690,CVE-2024-54680,CVE-2024-55916,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56567,CVE-2024-56588,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56623,CVE-2024-56629,CVE-2024-56631,CVE-2024-56642,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56650,CVE-2024-56658,CVE-2024-56661,CVE-2024-56664,CVE-2024-56678,CVE-2024-56681,CVE-2024-56698,CVE-2024-56701,CVE-2024-56704,CVE-2024-56722,CVE-2024-56739,CVE-2024-56745,CVE-2024-5 6747,CVE-2024-56754,CVE-2024-56756,CVE-2024-56759,CVE-2024-56765,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57798,CVE-2024-57849,CVE-2024-57850,CVE-2024-57876,CVE-2024-57893,CVE-2024-57897,CVE-2024-8805 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). - CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969). The following non-security bugs were fixed: - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:587-1 Released: Wed Feb 19 08:29:17 2025 Summary: Security update for grub2 Type: security Severity: important References: 1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:605-1 Released: Thu Feb 20 15:42:48 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,CVE-2025-26465 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:677-1 Released: Mon Feb 24 11:59:00 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1228434,1236384,1236820,1236939,1236983 This update for libzypp, zypper fixes the following issues: - Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) - Drop zypp-CheckAccessDeleted in favor of 'zypper ps' - Fix Repoverification plugin not being executed - Refresh: Fetch the master index file before key and signature (bsc#1236820) - Deprecate RepoReports we do not trigger - Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939) - New system-architecture command (bsc#1236384) - Change versioncmp command to return exit code according to the comparison result ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:765-1 Released: Mon Mar 3 09:44:13 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:776-1 Released: Tue Mar 4 15:55:35 2025 Summary: Security update for docker Type: security Severity: moderate References: 1234089,1237335,CVE-2024-29018 This update for docker fixes the following issues: Update to Docker 27.5.1-ce (bsc#1237335): - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:829-1 Released: Tue Mar 11 08:36:43 2025 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1233137 This update for kdump fixes the following issue: - Fix filtering ReadOnly keys in kdump_bond_config (bsc#1233137). kdump fails to bring network due to bad bond config ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:833-1 Released: Tue Mar 11 11:53:19 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1208995,1220946,1225742,1232472,1232919,1233701,1233749,1234154,1234650,1234853,1234891,1234963,1235054,1235061,1235073,1235111,1236133,1236289,1236576,1236661,1236677,1236757,1236758,1236760,1236761,1236777,1236951,1237025,1237028,1237139,1237316,1237693,1238033,CVE-2022-49080,CVE-2023-1192,CVE-2023-52572,CVE-2024-50115,CVE-2024-53135,CVE-2024-53173,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56605,CVE-2024-57948,CVE-2025-21647,CVE-2025-21690,CVE-2025-21692,CVE-2025-21699 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576) - CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777). - iavf: fix the waiting time for initial reset (bsc#1235111). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111). - idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316). - ipv4/tcp: do not use per netns ctl sockets (bsc#1237693). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: introduce a function to check if a netdev name is in use (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: minor __dev_alloc_name() optimization (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - nfsd: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472). - rcu: Remove rcu_is_idle_cpu() (bsc#1236289). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289). - x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289). - x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289). - x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289). - x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289). - x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289). - x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289). - x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289). - x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289). - x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289). - x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (bsc#1236951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:838-1 Released: Tue Mar 11 13:11:21 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:934-1 Released: Wed Mar 19 11:08:10 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1237865 This update for grub2 fixes the following issues: - Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1004-1 Released: Tue Mar 25 09:42:38 2025 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1238879,CVE-2025-27516 This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1062-1 Released: Mon Mar 31 10:45:08 2025 Summary: Security update for docker, docker-stable Type: security Severity: important References: 1237367,1239185,1239322,CVE-2024-23650,CVE-2024-29018,CVE-2024-41110,CVE-2025-22868,CVE-2025-22869 This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). Other fixes: - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1063-1 Released: Mon Mar 31 11:04:42 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issues: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1145-1 Released: Mon Apr 7 06:41:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1223330,1239663 This update for hwinfo fixes the following issues: - Avoid reporting of spurious usb storage devices (bsc#1223330) - Do not overdo usb device de-duplication (bsc#1239663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1191-1 Released: Thu Apr 10 06:57:45 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1241-1 Released: Mon Apr 14 12:37:06 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1180814,1183682,1190336,1190768,1190786,1193629,1194869,1194904,1195823,1196444,1197158,1197174,1197227,1197246,1197302,1197331,1197472,1197661,1197926,1198019,1198021,1198240,1198577,1198660,1199657,1200045,1200571,1200807,1200809,1200810,1200824,1200825,1200871,1200872,1201193,1201218,1201323,1201381,1201610,1202672,1202711,1202712,1202771,1202774,1202778,1202781,1203699,1203769,1204171,1205205,1205701,1206048,1206049,1206451,1207034,1207186,1207361,1207593,1207640,1207878,1209262,1209547,1209788,1209980,1210050,1210647,1211263,1213167,1218450,1221651,1225428,1225742,1229312,1231375,1231432,1231854,1232299,1232743,1233479,1233557,1233749,1234074,1234894,1234895,1234896,1235528,1235599,1235870,1237029,1237521,1237530,1237718,1237721,1237722,1237723,1237724,1237725,1237726,1237727,1237728,1237729,1237730,1237733,1237734,1237735,1237736,1237737,1237738,1237739,1237740,1237742,1237743,1237744,1237745,1237746,1237748,1237749,1237751,1237752,1237753,1237755,1237759,1 237761,1237763,1237766,1237767,1237768,1237774,1237775,1237778,1237779,1237780,1237782,1237783,1237784,1237785,1237786,1237787,1237788,1237789,1237790,1237792,1237794,1237795,1237797,1237798,1237799,1237807,1237808,1237809,1237810,1237812,1237813,1237814,1237815,1237816,1237817,1237818,1237820,1237821,1237823,1237824,1237826,1237827,1237829,1237831,1237835,1237836,1237837,1237839,1237840,1237845,1237846,1237868,1237872,1237892,1237903,1237904,1237916,1237918,1237922,1237925,1237926,1237927,1237928,1237929,1237931,1237932,1237933,1237937,1237940,1237941,1237942,1237946,1237951,1237952,1237954,1237955,1237957,1237958,1237959,1237960,1237961,1237962,1237963,1237965,1237966,1237967,1237968,1237969,1237970,1237971,1237972,1237973,1237975,1237976,1237978,1237979,1237980,1237982,1237983,1237984,1237986,1237987,1237990,1237992,1237996,1237997,1237998,1237999,1238000,1238003,1238004,1238005,1238006,1238007,1238009,1238010,1238011,1238012,1238013,1238014,1238016,1238017,1238018,1238019,123802 1,1238022,1238024,1238025,1238030,1238032,1238036,1238037,1238041,1238046,1238047,1238048,1238069,1238071,1238077,1238079,1238080,1238083,1238084,1238085,1238086,1238089,1238090,1238091,1238092,1238096,1238097,1238099,1238103,1238105,1238106,1238107,1238108,1238110,1238111,1238112,1238113,1238114,1238115,1238116,1238118,1238120,1238122,1238123,1238125,1238126,1238127,1238128,1238131,1238134,1238135,1238138,1238139,1238140,1238142,1238144,1238146,1238147,1238149,1238150,1238153,1238155,1238156,1238157,1238158,1238160,1238162,1238166,1238167,1238168,1238169,1238170,1238171,1238172,1238175,1238176,1238177,1238178,1238179,1238180,1238181,1238183,1238184,1238187,1238221,1238222,1238226,1238228,1238229,1238231,1238233,1238234,1238235,1238236,1238238,1238239,1238240,1238241,1238242,1238243,1238244,1238246,1238247,1238248,1238249,1238252,1238253,1238255,1238256,1238257,1238260,1238261,1238262,1238263,1238264,1238266,1238267,1238268,1238269,1238270,1238271,1238272,1238274,1238275,1238276,123 8277,1238278,1238279,1238281,1238282,1238283,1238284,1238285,1238286,1238287,1238288,1238289,1238291,1238292,1238293,1238295,1238298,1238300,1238301,1238302,1238306,1238307,1238308,1238309,1238311,1238313,1238326,1238327,1238328,1238329,1238331,1238333,1238334,1238335,1238336,1238337,1238338,1238339,1238341,1238343,1238344,1238345,1238372,1238373,1238374,1238376,1238377,1238378,1238381,1238382,1238383,1238385,1238386,1238387,1238388,1238389,1238390,1238391,1238392,1238393,1238394,1238395,1238396,1238397,1238398,1238400,1238401,1238410,1238411,1238413,1238415,1238416,1238417,1238418,1238419,1238420,1238422,1238423,1238424,1238428,1238429,1238430,1238431,1238432,1238433,1238434,1238435,1238436,1238437,1238440,1238441,1238442,1238443,1238444,1238445,1238447,1238453,1238454,1238458,1238459,1238462,1238463,1238465,1238467,1238469,1238533,1238536,1238538,1238539,1238540,1238542,1238543,1238546,1238551,1238552,1238556,1238557,1238599,1238600,1238601,1238602,1238605,1238612,1238613,1238615, 1238616,1238617,1238618,1238619,1238621,1238623,1238625,1238626,1238630,1238631,1238632,1238633,1238635,1238636,1238638,1238639,1238640,1238641,1238642,1238643,1238645,1238646,1238647,1238648,1238649,1238650,1238653,1238654,1238655,1238658,1238661,1238662,1238663,1238664,1238666,1238668,1238705,1238707,1238710,1238712,1238718,1238719,1238721,1238722,1238727,1238729,1238750,1238787,1238789,1238792,1238799,1238803,1238804,1238805,1238806,1238808,1238809,1238810,1238811,1238814,1238815,1238816,1238817,1238818,1238819,1238820,1238821,1238822,1238823,1238825,1238830,1238834,1238835,1238836,1238838,1238843,1238867,1238868,1238869,1238870,1238871,1238878,1238889,1238892,1238893,1238897,1238898,1238899,1238902,1238911,1238916,1238919,1238925,1238930,1238933,1238936,1238937,1238938,1238939,1238941,1238942,1238943,1238944,1238945,1238946,1238948,1238949,1238950,1238951,1238952,1238953,1238954,1238956,1238957,1239001,1239004,1239016,1239035,1239040,1239041,1239051,1239060,1239070,1239071,12390 73,1239076,1239095,1239109,1239115,1239126,1239452,1239454,1239968,1239969,1240133,1240205,1240207,1240208,1240210,1240212,1240213,1240218,1240220,1240227,1240229,1240231,1240242,1240245,1240247,1240250,1240254,1240256,1240264,1240266,1240272,1240275,1240276,1240278,1240279,1240280,1240281,1240282,1240283,1240284,1240286,1240288,1240290,1240292,1240293,1240297,1240304,1240308,1240309,1240317,1240318,1240322,CVE-2017-5753,CVE-2021-4453,CVE-2021-4454,CVE-2021-47517,CVE-2021-47631,CVE-2021-47632,CVE-2021-47633,CVE-2021-47635,CVE-2021-47636,CVE-2021-47637,CVE-2021-47638,CVE-2021-47639,CVE-2021-47641,CVE-2021-47642,CVE-2021-47643,CVE-2021-47644,CVE-2021-47645,CVE-2021-47646,CVE-2021-47647,CVE-2021-47648,CVE-2021-47649,CVE-2021-47650,CVE-2021-47651,CVE-2021-47652,CVE-2021-47653,CVE-2021-47654,CVE-2021-47656,CVE-2021-47657,CVE-2021-47659,CVE-2022-0168,CVE-2022-0995,CVE-2022-1016,CVE-2022-1048,CVE-2022-1184,CVE-2022-2977,CVE-2022-29900,CVE-2022-29901,CVE-2022-3303,CVE-2022-3435,CVE-2022-490 44,CVE-2022-49050,CVE-2022-49051,CVE-2022-49053,CVE-2022-49054,CVE-2022-49055,CVE-2022-49056,CVE-2022-49057,CVE-2022-49058,CVE-2022-49059,CVE-2022-49060,CVE-2022-49061,CVE-2022-49062,CVE-2022-49063,CVE-2022-49064,CVE-2022-49065,CVE-2022-49066,CVE-2022-49070,CVE-2022-49071,CVE-2022-49073,CVE-2022-49074,CVE-2022-49075,CVE-2022-49076,CVE-2022-49078,CVE-2022-49082,CVE-2022-49083,CVE-2022-49084,CVE-2022-49085,CVE-2022-49086,CVE-2022-49088,CVE-2022-49089,CVE-2022-49090,CVE-2022-49091,CVE-2022-49092,CVE-2022-49093,CVE-2022-49095,CVE-2022-49096,CVE-2022-49097,CVE-2022-49098,CVE-2022-49099,CVE-2022-49100,CVE-2022-49102,CVE-2022-49103,CVE-2022-49104,CVE-2022-49105,CVE-2022-49106,CVE-2022-49107,CVE-2022-49109,CVE-2022-49111,CVE-2022-49112,CVE-2022-49113,CVE-2022-49114,CVE-2022-49115,CVE-2022-49116,CVE-2022-49118,CVE-2022-49119,CVE-2022-49120,CVE-2022-49121,CVE-2022-49122,CVE-2022-49123,CVE-2022-49125,CVE-2022-49126,CVE-2022-49128,CVE-2022-49129,CVE-2022-49130,CVE-2022-49131,CVE-2022-49132,CVE- 2022-49133,CVE-2022-49134,CVE-2022-49135,CVE-2022-49136,CVE-2022-49137,CVE-2022-49138,CVE-2022-49139,CVE-2022-49144,CVE-2022-49145,CVE-2022-49147,CVE-2022-49148,CVE-2022-49151,CVE-2022-49153,CVE-2022-49154,CVE-2022-49155,CVE-2022-49156,CVE-2022-49157,CVE-2022-49158,CVE-2022-49159,CVE-2022-49160,CVE-2022-49162,CVE-2022-49163,CVE-2022-49164,CVE-2022-49165,CVE-2022-49174,CVE-2022-49175,CVE-2022-49176,CVE-2022-49177,CVE-2022-49178,CVE-2022-49179,CVE-2022-49180,CVE-2022-49182,CVE-2022-49183,CVE-2022-49185,CVE-2022-49187,CVE-2022-49188,CVE-2022-49189,CVE-2022-49192,CVE-2022-49193,CVE-2022-49194,CVE-2022-49196,CVE-2022-49199,CVE-2022-49200,CVE-2022-49201,CVE-2022-49202,CVE-2022-49203,CVE-2022-49204,CVE-2022-49205,CVE-2022-49206,CVE-2022-49207,CVE-2022-49208,CVE-2022-49209,CVE-2022-49212,CVE-2022-49213,CVE-2022-49214,CVE-2022-49215,CVE-2022-49216,CVE-2022-49217,CVE-2022-49218,CVE-2022-49219,CVE-2022-49221,CVE-2022-49222,CVE-2022-49224,CVE-2022-49225,CVE-2022-49226,CVE-2022-49227,CVE-2022-49 228,CVE-2022-49230,CVE-2022-49232,CVE-2022-49233,CVE-2022-49235,CVE-2022-49236,CVE-2022-49237,CVE-2022-49238,CVE-2022-49239,CVE-2022-49241,CVE-2022-49242,CVE-2022-49243,CVE-2022-49244,CVE-2022-49246,CVE-2022-49247,CVE-2022-49248,CVE-2022-49249,CVE-2022-49250,CVE-2022-49251,CVE-2022-49252,CVE-2022-49253,CVE-2022-49254,CVE-2022-49256,CVE-2022-49257,CVE-2022-49258,CVE-2022-49259,CVE-2022-49260,CVE-2022-49261,CVE-2022-49262,CVE-2022-49263,CVE-2022-49264,CVE-2022-49265,CVE-2022-49266,CVE-2022-49268,CVE-2022-49269,CVE-2022-49270,CVE-2022-49271,CVE-2022-49272,CVE-2022-49273,CVE-2022-49274,CVE-2022-49275,CVE-2022-49276,CVE-2022-49277,CVE-2022-49278,CVE-2022-49279,CVE-2022-49280,CVE-2022-49281,CVE-2022-49283,CVE-2022-49285,CVE-2022-49286,CVE-2022-49287,CVE-2022-49288,CVE-2022-49290,CVE-2022-49291,CVE-2022-49292,CVE-2022-49293,CVE-2022-49294,CVE-2022-49295,CVE-2022-49296,CVE-2022-49297,CVE-2022-49298,CVE-2022-49299,CVE-2022-49300,CVE-2022-49301,CVE-2022-49302,CVE-2022-49304,CVE-2022-49305,CVE -2022-49306,CVE-2022-49307,CVE-2022-49308,CVE-2022-49309,CVE-2022-49310,CVE-2022-49311,CVE-2022-49312,CVE-2022-49313,CVE-2022-49314,CVE-2022-49315,CVE-2022-49316,CVE-2022-49319,CVE-2022-49320,CVE-2022-49321,CVE-2022-49322,CVE-2022-49323,CVE-2022-49325,CVE-2022-49326,CVE-2022-49327,CVE-2022-49328,CVE-2022-49329,CVE-2022-49330,CVE-2022-49331,CVE-2022-49332,CVE-2022-49333,CVE-2022-49335,CVE-2022-49336,CVE-2022-49337,CVE-2022-49338,CVE-2022-49339,CVE-2022-49341,CVE-2022-49342,CVE-2022-49343,CVE-2022-49345,CVE-2022-49346,CVE-2022-49347,CVE-2022-49348,CVE-2022-49349,CVE-2022-49350,CVE-2022-49351,CVE-2022-49352,CVE-2022-49353,CVE-2022-49354,CVE-2022-49356,CVE-2022-49357,CVE-2022-49359,CVE-2022-49362,CVE-2022-49365,CVE-2022-49367,CVE-2022-49368,CVE-2022-49370,CVE-2022-49371,CVE-2022-49373,CVE-2022-49375,CVE-2022-49376,CVE-2022-49377,CVE-2022-49378,CVE-2022-49379,CVE-2022-49381,CVE-2022-49382,CVE-2022-49384,CVE-2022-49385,CVE-2022-49386,CVE-2022-49389,CVE-2022-49390,CVE-2022-49392,CVE-2022-4 9394,CVE-2022-49396,CVE-2022-49397,CVE-2022-49398,CVE-2022-49399,CVE-2022-49400,CVE-2022-49402,CVE-2022-49404,CVE-2022-49406,CVE-2022-49407,CVE-2022-49409,CVE-2022-49410,CVE-2022-49411,CVE-2022-49412,CVE-2022-49413,CVE-2022-49414,CVE-2022-49416,CVE-2022-49418,CVE-2022-49419,CVE-2022-49421,CVE-2022-49422,CVE-2022-49424,CVE-2022-49426,CVE-2022-49427,CVE-2022-49429,CVE-2022-49430,CVE-2022-49431,CVE-2022-49432,CVE-2022-49433,CVE-2022-49434,CVE-2022-49435,CVE-2022-49436,CVE-2022-49437,CVE-2022-49438,CVE-2022-49440,CVE-2022-49441,CVE-2022-49442,CVE-2022-49443,CVE-2022-49444,CVE-2022-49445,CVE-2022-49446,CVE-2022-49447,CVE-2022-49448,CVE-2022-49449,CVE-2022-49451,CVE-2022-49453,CVE-2022-49455,CVE-2022-49458,CVE-2022-49459,CVE-2022-49460,CVE-2022-49462,CVE-2022-49463,CVE-2022-49465,CVE-2022-49466,CVE-2022-49467,CVE-2022-49468,CVE-2022-49470,CVE-2022-49472,CVE-2022-49473,CVE-2022-49474,CVE-2022-49475,CVE-2022-49476,CVE-2022-49477,CVE-2022-49478,CVE-2022-49479,CVE-2022-49480,CVE-2022-49481,CV E-2022-49482,CVE-2022-49483,CVE-2022-49484,CVE-2022-49485,CVE-2022-49486,CVE-2022-49487,CVE-2022-49488,CVE-2022-49489,CVE-2022-49490,CVE-2022-49491,CVE-2022-49492,CVE-2022-49493,CVE-2022-49494,CVE-2022-49495,CVE-2022-49497,CVE-2022-49498,CVE-2022-49499,CVE-2022-49501,CVE-2022-49502,CVE-2022-49503,CVE-2022-49504,CVE-2022-49505,CVE-2022-49506,CVE-2022-49507,CVE-2022-49508,CVE-2022-49509,CVE-2022-49510,CVE-2022-49511,CVE-2022-49512,CVE-2022-49514,CVE-2022-49515,CVE-2022-49516,CVE-2022-49517,CVE-2022-49518,CVE-2022-49519,CVE-2022-49520,CVE-2022-49521,CVE-2022-49522,CVE-2022-49523,CVE-2022-49524,CVE-2022-49525,CVE-2022-49526,CVE-2022-49527,CVE-2022-49529,CVE-2022-49530,CVE-2022-49532,CVE-2022-49533,CVE-2022-49534,CVE-2022-49535,CVE-2022-49536,CVE-2022-49537,CVE-2022-49538,CVE-2022-49541,CVE-2022-49542,CVE-2022-49543,CVE-2022-49544,CVE-2022-49545,CVE-2022-49546,CVE-2022-49548,CVE-2022-49549,CVE-2022-49551,CVE-2022-49552,CVE-2022-49555,CVE-2022-49556,CVE-2022-49559,CVE-2022-49560,CVE-2022- 49562,CVE-2022-49563,CVE-2022-49564,CVE-2022-49565,CVE-2022-49566,CVE-2022-49568,CVE-2022-49569,CVE-2022-49570,CVE-2022-49579,CVE-2022-49581,CVE-2022-49583,CVE-2022-49584,CVE-2022-49591,CVE-2022-49592,CVE-2022-49603,CVE-2022-49605,CVE-2022-49606,CVE-2022-49607,CVE-2022-49609,CVE-2022-49610,CVE-2022-49611,CVE-2022-49613,CVE-2022-49615,CVE-2022-49616,CVE-2022-49617,CVE-2022-49618,CVE-2022-49621,CVE-2022-49623,CVE-2022-49624,CVE-2022-49625,CVE-2022-49626,CVE-2022-49627,CVE-2022-49628,CVE-2022-49631,CVE-2022-49634,CVE-2022-49635,CVE-2022-49638,CVE-2022-49640,CVE-2022-49641,CVE-2022-49642,CVE-2022-49643,CVE-2022-49644,CVE-2022-49645,CVE-2022-49646,CVE-2022-49647,CVE-2022-49648,CVE-2022-49649,CVE-2022-49650,CVE-2022-49652,CVE-2022-49653,CVE-2022-49655,CVE-2022-49656,CVE-2022-49657,CVE-2022-49658,CVE-2022-49661,CVE-2022-49663,CVE-2022-49665,CVE-2022-49667,CVE-2022-49668,CVE-2022-49670,CVE-2022-49671,CVE-2022-49672,CVE-2022-49673,CVE-2022-49674,CVE-2022-49675,CVE-2022-49676,CVE-2022-49677,C VE-2022-49678,CVE-2022-49679,CVE-2022-49680,CVE-2022-49683,CVE-2022-49685,CVE-2022-49686,CVE-2022-49687,CVE-2022-49688,CVE-2022-49693,CVE-2022-49694,CVE-2022-49695,CVE-2022-49697,CVE-2022-49699,CVE-2022-49700,CVE-2022-49701,CVE-2022-49703,CVE-2022-49704,CVE-2022-49705,CVE-2022-49707,CVE-2022-49708,CVE-2022-49710,CVE-2022-49711,CVE-2022-49712,CVE-2022-49713,CVE-2022-49714,CVE-2022-49715,CVE-2022-49716,CVE-2022-49719,CVE-2022-49720,CVE-2022-49721,CVE-2022-49722,CVE-2022-49723,CVE-2022-49724,CVE-2022-49725,CVE-2022-49726,CVE-2022-49729,CVE-2022-49730,CVE-2022-49731,CVE-2022-49732,CVE-2022-49733,CVE-2022-49739,CVE-2022-49746,CVE-2022-49748,CVE-2022-49751,CVE-2022-49753,CVE-2022-49755,CVE-2022-49759,CVE-2023-0179,CVE-2023-1652,CVE-2023-2162,CVE-2023-28410,CVE-2023-3567,CVE-2023-52930,CVE-2023-52933,CVE-2023-52935,CVE-2023-52939,CVE-2023-52941,CVE-2023-52973,CVE-2023-52974,CVE-2023-52975,CVE-2023-52976,CVE-2023-52979,CVE-2023-52983,CVE-2023-52984,CVE-2023-52988,CVE-2023-52989,CVE-2023-529 92,CVE-2023-52993,CVE-2023-53000,CVE-2023-53005,CVE-2023-53006,CVE-2023-53007,CVE-2023-53008,CVE-2023-53010,CVE-2023-53015,CVE-2023-53016,CVE-2023-53019,CVE-2023-53023,CVE-2023-53024,CVE-2023-53025,CVE-2023-53026,CVE-2023-53028,CVE-2023-53029,CVE-2023-53030,CVE-2023-53033,CVE-2024-26634,CVE-2024-47678,CVE-2024-50290,CVE-2024-53063,CVE-2024-53124,CVE-2024-53176,CVE-2024-53178,CVE-2024-56651,CVE-2024-57996,CVE-2024-58013,CVE-2024-58014,CVE-2025-21693,CVE-2025-21718,CVE-2025-21772,CVE-2025-21780 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239095). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - cifs: Add a laundromat thread for cached directories (git-fixes). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (git-fixes). - gfs2: Fix inode height consistency check (git-fixes). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Support holes in device list reply msg (bsc#1240133). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: disable directory caching when dir_cache_timeout is zero (git-fixes). - smb: client: do not start laundromat thread on nohandlecache (git-fixes). - smb: client: make laundromat a delayed worker (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes). - smb3: do not start laundromat thread when dir leases disabled (git-fixes). - smb3: retrying on failed server close (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1345-1 Released: Thu Apr 17 17:14:27 2025 Summary: Security update for containerd Type: security Severity: moderate References: 1239749,CVE-2024-40635 This update for containerd fixes the following issues: - CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) Other fixes: - Update to containerd v1.7.27. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1354-1 Released: Tue Apr 22 05:14:53 2025 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1234383 This update for iproute2 fixes the following issues: - Avoid false cgroup warnings (bsc#1234383) ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1371-1 Released: Fri Apr 25 12:02:27 2025 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1232234,1234452 This update for apparmor fixes the following issues: - Allow pam_unix to execute unix_chkpwd with abi/3.0 (bsc#1234452, bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1381-1 Released: Mon Apr 28 09:37:03 2025 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1239680,CVE-2025-2312 This update for cifs-utils fixes the following issues: - CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials (bsc#1239680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1446-1 Released: Mon May 5 08:04:03 2025 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1216938 This update for lvm2 fixes the following issues: - LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938) * set lvm.conf devices.multipath_wwids_file='' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Wed May 7 17:13:32 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1512-1 Released: Wed May 7 21:36:27 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1241678,CVE-2024-10041 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - apparmor-abstractions-3.0.4-150500.11.18.1 updated - apparmor-parser-3.0.4-150500.11.18.1 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - cifs-utils-6.15-150400.3.12.1 updated - containerd-ctr-1.7.27-150000.123.1 updated - containerd-1.7.27-150000.123.1 updated - docker-27.5.1_ce-150000.218.1 updated - findutils-4.8.0-150300.3.3.2 updated - glibc-locale-base-2.31-150300.92.1 updated - glibc-locale-2.31-150300.92.1 updated - glibc-2.31-150300.92.1 updated - grub2-i386-pc-2.06-150500.29.46.2 updated - grub2-x86_64-efi-2.06-150500.29.46.2 updated - grub2-x86_64-xen-2.06-150500.29.46.2 updated - grub2-2.06-150500.29.46.2 updated - hwinfo-21.87-150500.3.6.1 updated - iproute2-5.14-150400.3.3.1 updated - kdump-1.0.2+git48.g64445e1-150500.3.9.2 updated - kernel-default-5.14.21-150500.55.100.1 updated - libapparmor1-3.0.4-150500.11.18.1 updated - libaugeas0-1.12.0-150400.3.8.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.15.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - libfreetype6-2.10.4-150000.4.22.1 updated - libgnutls30-3.7.3-150400.4.47.1 updated - libprocps8-3.3.17-150000.7.42.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libxml2-2-2.10.3-150500.5.26.1 updated - libzypp-17.36.3-150500.6.42.1 updated - openssh-clients-8.4p1-150300.3.42.1 updated - openssh-common-8.4p1-150300.3.42.1 updated - openssh-server-8.4p1-150300.3.42.1 updated - openssh-8.4p1-150300.3.42.1 updated - pam-1.3.0-150000.6.76.1 updated - procps-3.3.17-150000.7.42.1 updated - python3-Jinja2-2.10.1-150000.3.21.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - supportutils-3.2.10-150300.7.35.36.4 updated - suse-build-key-12.0-150000.8.58.1 updated - timezone-2025b-150000.75.34.2 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - vim-9.1.1176-150500.20.24.2 updated - zypper-1.14.85-150500.6.26.1 updated - libxslt1-1.1.34-150400.3.3.1 removed - python-instance-billing-flavor-check-0.1.2-150000.1.17.1 removed - python3-cssselect-1.0.3-150400.3.7.4 removed - python3-lxml-4.9.1-150500.3.4.3 removed From sle-container-updates at lists.suse.com Wed May 14 07:03:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 May 2025 09:03:17 +0200 (CEST) Subject: SUSE-IU-2025:1326-1: Security update of sles-15-sp5-chost-byos-v20250512-arm64 Message-ID: <20250514070317.56AA2FCFE@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20250512-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1326-1 Image Tags : sles-15-sp5-chost-byos-v20250512-arm64:20250512 Image Release : Severity : important Type : security References : 1065729 1180814 1183663 1183682 1189788 1190336 1190768 1190786 1193173 1193629 1194869 1194869 1194904 1195823 1196444 1197158 1197174 1197227 1197246 1197302 1197331 1197472 1197661 1197926 1198019 1198021 1198240 1198577 1198660 1199657 1200045 1200571 1200807 1200809 1200810 1200824 1200825 1200871 1200872 1201193 1201218 1201323 1201381 1201610 1202672 1202711 1202712 1202771 1202774 1202778 1202781 1203699 1203769 1204171 1205205 1205701 1206048 1206049 1206451 1207034 1207186 1207361 1207593 1207640 1207878 1208995 1209262 1209547 1209788 1209980 1210050 1210647 1211263 1211547 1213167 1213291 1214290 1214713 1216049 1216091 1216146 1216147 1216150 1216151 1216228 1216229 1216230 1216231 1216232 1216233 1216241 1216388 1216522 1216813 1216827 1216938 1217287 1218201 1218282 1218324 1218450 1218812 1218814 1219241 1219639 1220946 1221651 1222021 1222650 1222896 1223330 1223384 1225428 1225736 1225742 1225742 1226848 1226980 1227127 1228265 1228434 1228537 1228592 1229312 1229685 1229822 1230078 1230341 1230371 1230432 1230527 1230697 1231088 1231375 1231396 1231423 1231432 1231472 1231775 1231776 1231838 1231847 1231854 1232234 1232234 1232299 1232472 1232743 1232914 1232919 1233028 1233055 1233097 1233103 1233112 1233137 1233307 1233464 1233479 1233488 1233557 1233606 1233608 1233609 1233610 1233612 1233613 1233614 1233615 1233616 1233617 1233642 1233701 1233726 1233749 1233749 1233778 1234024 1234025 1234074 1234078 1234087 1234089 1234153 1234154 1234155 1234223 1234381 1234383 1234452 1234452 1234563 1234650 1234683 1234690 1234798 1234825 1234829 1234832 1234853 1234884 1234889 1234891 1234894 1234895 1234896 1234896 1234899 1234900 1234905 1234909 1234916 1234918 1234922 1234930 1234931 1234934 1234958 1234962 1234963 1234999 1235002 1235009 1235011 1235053 1235054 1235057 1235059 1235061 1235073 1235100 1235111 1235122 1235123 1235133 1235134 1235217 1235222 1235230 1235249 1235410 1235430 1235433 1235441 1235451 1235458 1235466 1235473 1235480 1235481 1235491 1235495 1235496 1235521 1235528 1235557 1235563 1235570 1235584 1235599 1235611 1235635 1235641 1235643 1235645 1235647 1235664 1235695 1235723 1235739 1235747 1235751 1235759 1235764 1235768 1235806 1235812 1235814 1235818 1235842 1235870 1235920 1235969 1236033 1236133 1236151 1236282 1236289 1236316 1236317 1236384 1236403 1236481 1236560 1236576 1236628 1236661 1236677 1236705 1236757 1236758 1236760 1236761 1236777 1236779 1236820 1236842 1236878 1236939 1236951 1236974 1236983 1237002 1237006 1237008 1237009 1237010 1237011 1237012 1237013 1237014 1237025 1237028 1237029 1237040 1237044 1237137 1237139 1237294 1237316 1237335 1237363 1237367 1237370 1237418 1237521 1237530 1237693 1237718 1237721 1237722 1237723 1237724 1237725 1237726 1237727 1237728 1237729 1237730 1237733 1237734 1237735 1237736 1237737 1237738 1237739 1237740 1237742 1237743 1237744 1237745 1237746 1237748 1237749 1237751 1237752 1237753 1237755 1237759 1237761 1237763 1237766 1237767 1237768 1237774 1237775 1237778 1237779 1237780 1237782 1237783 1237784 1237785 1237786 1237787 1237788 1237789 1237790 1237792 1237794 1237795 1237797 1237798 1237799 1237807 1237808 1237809 1237810 1237812 1237813 1237814 1237815 1237816 1237817 1237818 1237820 1237821 1237823 1237824 1237826 1237827 1237829 1237831 1237835 1237836 1237837 1237839 1237840 1237845 1237846 1237865 1237868 1237872 1237892 1237903 1237904 1237916 1237918 1237922 1237925 1237926 1237927 1237928 1237929 1237931 1237932 1237933 1237937 1237940 1237941 1237942 1237946 1237951 1237952 1237954 1237955 1237957 1237958 1237959 1237960 1237961 1237962 1237963 1237965 1237966 1237967 1237968 1237969 1237970 1237971 1237972 1237973 1237975 1237976 1237978 1237979 1237980 1237982 1237983 1237984 1237986 1237987 1237990 1237992 1237996 1237997 1237998 1237999 1238000 1238003 1238004 1238005 1238006 1238007 1238009 1238010 1238011 1238012 1238013 1238014 1238016 1238017 1238018 1238019 1238021 1238022 1238024 1238025 1238030 1238032 1238033 1238036 1238037 1238041 1238046 1238047 1238048 1238069 1238071 1238077 1238079 1238080 1238083 1238084 1238085 1238086 1238089 1238090 1238091 1238092 1238096 1238097 1238099 1238103 1238105 1238106 1238107 1238108 1238110 1238111 1238112 1238113 1238114 1238115 1238116 1238118 1238120 1238122 1238123 1238125 1238126 1238127 1238128 1238131 1238134 1238135 1238138 1238139 1238140 1238142 1238144 1238146 1238147 1238149 1238150 1238153 1238155 1238156 1238157 1238158 1238160 1238162 1238166 1238167 1238168 1238169 1238170 1238171 1238172 1238175 1238176 1238177 1238178 1238179 1238180 1238181 1238183 1238184 1238187 1238221 1238222 1238226 1238228 1238229 1238231 1238233 1238234 1238235 1238236 1238238 1238239 1238240 1238241 1238242 1238243 1238244 1238246 1238247 1238248 1238249 1238252 1238253 1238255 1238256 1238257 1238260 1238261 1238262 1238263 1238264 1238266 1238267 1238268 1238269 1238270 1238271 1238272 1238274 1238275 1238276 1238277 1238278 1238279 1238281 1238282 1238283 1238284 1238285 1238286 1238287 1238288 1238289 1238291 1238292 1238293 1238295 1238298 1238300 1238301 1238302 1238306 1238307 1238308 1238309 1238311 1238313 1238326 1238327 1238328 1238329 1238331 1238333 1238334 1238335 1238336 1238337 1238338 1238339 1238341 1238343 1238344 1238345 1238372 1238373 1238374 1238376 1238377 1238378 1238381 1238382 1238383 1238385 1238386 1238387 1238388 1238389 1238390 1238391 1238392 1238393 1238394 1238395 1238396 1238397 1238398 1238400 1238401 1238410 1238411 1238413 1238415 1238416 1238417 1238418 1238419 1238420 1238422 1238423 1238424 1238428 1238429 1238430 1238431 1238432 1238433 1238434 1238435 1238436 1238437 1238440 1238441 1238442 1238443 1238444 1238445 1238447 1238453 1238454 1238458 1238459 1238462 1238463 1238465 1238467 1238469 1238533 1238536 1238538 1238539 1238540 1238542 1238543 1238546 1238551 1238552 1238556 1238557 1238599 1238600 1238601 1238602 1238605 1238612 1238613 1238615 1238616 1238617 1238618 1238619 1238621 1238623 1238625 1238626 1238630 1238631 1238632 1238633 1238635 1238636 1238638 1238639 1238640 1238641 1238642 1238643 1238645 1238646 1238647 1238648 1238649 1238650 1238653 1238654 1238655 1238658 1238661 1238662 1238663 1238664 1238666 1238668 1238705 1238707 1238710 1238712 1238718 1238719 1238721 1238722 1238727 1238729 1238750 1238787 1238789 1238792 1238799 1238803 1238804 1238805 1238806 1238808 1238809 1238810 1238811 1238814 1238815 1238816 1238817 1238818 1238819 1238820 1238821 1238822 1238823 1238825 1238830 1238834 1238835 1238836 1238838 1238843 1238867 1238868 1238869 1238870 1238871 1238878 1238889 1238892 1238893 1238897 1238898 1238899 1238902 1238911 1238916 1238919 1238925 1238930 1238933 1238936 1238937 1238938 1238939 1238941 1238942 1238943 1238944 1238945 1238946 1238948 1238949 1238950 1238951 1238952 1238953 1238954 1238956 1238957 1239001 1239004 1239016 1239035 1239040 1239041 1239051 1239060 1239070 1239071 1239073 1239076 1239095 1239109 1239115 1239126 1239185 1239197 1239197 1239322 1239452 1239454 1239465 1239618 1239663 1239680 1239749 1239763 1239866 1239909 1239968 1239969 1240009 1240133 1240205 1240207 1240208 1240210 1240212 1240213 1240218 1240220 1240227 1240229 1240231 1240242 1240245 1240247 1240250 1240254 1240256 1240264 1240266 1240272 1240275 1240276 1240278 1240279 1240280 1240281 1240282 1240283 1240284 1240286 1240288 1240290 1240292 1240293 1240297 1240304 1240308 1240309 1240317 1240318 1240322 1240343 1240343 1241020 1241078 1241189 1241453 1241551 1241678 CVE-2017-5753 CVE-2021-4453 CVE-2021-4454 CVE-2021-47517 CVE-2021-47631 CVE-2021-47632 CVE-2021-47633 CVE-2021-47635 CVE-2021-47636 CVE-2021-47637 CVE-2021-47638 CVE-2021-47639 CVE-2021-47641 CVE-2021-47642 CVE-2021-47643 CVE-2021-47644 CVE-2021-47645 CVE-2021-47646 CVE-2021-47647 CVE-2021-47648 CVE-2021-47649 CVE-2021-47650 CVE-2021-47651 CVE-2021-47652 CVE-2021-47653 CVE-2021-47654 CVE-2021-47656 CVE-2021-47657 CVE-2021-47659 CVE-2022-0168 CVE-2022-0995 CVE-2022-1016 CVE-2022-1048 CVE-2022-1184 CVE-2022-2977 CVE-2022-29900 CVE-2022-29901 CVE-2022-3303 CVE-2022-3435 CVE-2022-49044 CVE-2022-49050 CVE-2022-49051 CVE-2022-49053 CVE-2022-49054 CVE-2022-49055 CVE-2022-49056 CVE-2022-49057 CVE-2022-49058 CVE-2022-49059 CVE-2022-49060 CVE-2022-49061 CVE-2022-49062 CVE-2022-49063 CVE-2022-49064 CVE-2022-49065 CVE-2022-49066 CVE-2022-49070 CVE-2022-49071 CVE-2022-49073 CVE-2022-49074 CVE-2022-49075 CVE-2022-49076 CVE-2022-49078 CVE-2022-49080 CVE-2022-49082 CVE-2022-49083 CVE-2022-49084 CVE-2022-49085 CVE-2022-49086 CVE-2022-49088 CVE-2022-49089 CVE-2022-49090 CVE-2022-49091 CVE-2022-49092 CVE-2022-49093 CVE-2022-49095 CVE-2022-49096 CVE-2022-49097 CVE-2022-49098 CVE-2022-49099 CVE-2022-49100 CVE-2022-49102 CVE-2022-49103 CVE-2022-49104 CVE-2022-49105 CVE-2022-49106 CVE-2022-49107 CVE-2022-49109 CVE-2022-49111 CVE-2022-49112 CVE-2022-49113 CVE-2022-49114 CVE-2022-49115 CVE-2022-49116 CVE-2022-49118 CVE-2022-49119 CVE-2022-49120 CVE-2022-49121 CVE-2022-49122 CVE-2022-49123 CVE-2022-49125 CVE-2022-49126 CVE-2022-49128 CVE-2022-49129 CVE-2022-49130 CVE-2022-49131 CVE-2022-49132 CVE-2022-49133 CVE-2022-49134 CVE-2022-49135 CVE-2022-49136 CVE-2022-49137 CVE-2022-49138 CVE-2022-49139 CVE-2022-49144 CVE-2022-49145 CVE-2022-49147 CVE-2022-49148 CVE-2022-49151 CVE-2022-49153 CVE-2022-49154 CVE-2022-49155 CVE-2022-49156 CVE-2022-49157 CVE-2022-49158 CVE-2022-49159 CVE-2022-49160 CVE-2022-49162 CVE-2022-49163 CVE-2022-49164 CVE-2022-49165 CVE-2022-49174 CVE-2022-49175 CVE-2022-49176 CVE-2022-49177 CVE-2022-49178 CVE-2022-49179 CVE-2022-49180 CVE-2022-49182 CVE-2022-49183 CVE-2022-49185 CVE-2022-49187 CVE-2022-49188 CVE-2022-49189 CVE-2022-49192 CVE-2022-49193 CVE-2022-49194 CVE-2022-49196 CVE-2022-49199 CVE-2022-49200 CVE-2022-49201 CVE-2022-49202 CVE-2022-49203 CVE-2022-49204 CVE-2022-49205 CVE-2022-49206 CVE-2022-49207 CVE-2022-49208 CVE-2022-49209 CVE-2022-49212 CVE-2022-49213 CVE-2022-49214 CVE-2022-49215 CVE-2022-49216 CVE-2022-49217 CVE-2022-49218 CVE-2022-49219 CVE-2022-49221 CVE-2022-49222 CVE-2022-49224 CVE-2022-49225 CVE-2022-49226 CVE-2022-49227 CVE-2022-49228 CVE-2022-49230 CVE-2022-49232 CVE-2022-49233 CVE-2022-49235 CVE-2022-49236 CVE-2022-49237 CVE-2022-49238 CVE-2022-49239 CVE-2022-49241 CVE-2022-49242 CVE-2022-49243 CVE-2022-49244 CVE-2022-49246 CVE-2022-49247 CVE-2022-49248 CVE-2022-49249 CVE-2022-49250 CVE-2022-49251 CVE-2022-49252 CVE-2022-49253 CVE-2022-49254 CVE-2022-49256 CVE-2022-49257 CVE-2022-49258 CVE-2022-49259 CVE-2022-49260 CVE-2022-49261 CVE-2022-49262 CVE-2022-49263 CVE-2022-49264 CVE-2022-49265 CVE-2022-49266 CVE-2022-49268 CVE-2022-49269 CVE-2022-49270 CVE-2022-49271 CVE-2022-49272 CVE-2022-49273 CVE-2022-49274 CVE-2022-49275 CVE-2022-49276 CVE-2022-49277 CVE-2022-49278 CVE-2022-49279 CVE-2022-49280 CVE-2022-49281 CVE-2022-49283 CVE-2022-49285 CVE-2022-49286 CVE-2022-49287 CVE-2022-49288 CVE-2022-49290 CVE-2022-49291 CVE-2022-49292 CVE-2022-49293 CVE-2022-49294 CVE-2022-49295 CVE-2022-49296 CVE-2022-49297 CVE-2022-49298 CVE-2022-49299 CVE-2022-49300 CVE-2022-49301 CVE-2022-49302 CVE-2022-49304 CVE-2022-49305 CVE-2022-49306 CVE-2022-49307 CVE-2022-49308 CVE-2022-49309 CVE-2022-49310 CVE-2022-49311 CVE-2022-49312 CVE-2022-49313 CVE-2022-49314 CVE-2022-49315 CVE-2022-49316 CVE-2022-49319 CVE-2022-49320 CVE-2022-49321 CVE-2022-49322 CVE-2022-49323 CVE-2022-49325 CVE-2022-49326 CVE-2022-49327 CVE-2022-49328 CVE-2022-49329 CVE-2022-49330 CVE-2022-49331 CVE-2022-49332 CVE-2022-49333 CVE-2022-49335 CVE-2022-49336 CVE-2022-49337 CVE-2022-49338 CVE-2022-49339 CVE-2022-49341 CVE-2022-49342 CVE-2022-49343 CVE-2022-49345 CVE-2022-49346 CVE-2022-49347 CVE-2022-49348 CVE-2022-49349 CVE-2022-49350 CVE-2022-49351 CVE-2022-49352 CVE-2022-49353 CVE-2022-49354 CVE-2022-49356 CVE-2022-49357 CVE-2022-49359 CVE-2022-49362 CVE-2022-49365 CVE-2022-49367 CVE-2022-49368 CVE-2022-49370 CVE-2022-49371 CVE-2022-49373 CVE-2022-49375 CVE-2022-49376 CVE-2022-49377 CVE-2022-49378 CVE-2022-49379 CVE-2022-49381 CVE-2022-49382 CVE-2022-49384 CVE-2022-49385 CVE-2022-49386 CVE-2022-49389 CVE-2022-49390 CVE-2022-49392 CVE-2022-49394 CVE-2022-49396 CVE-2022-49397 CVE-2022-49398 CVE-2022-49399 CVE-2022-49400 CVE-2022-49402 CVE-2022-49404 CVE-2022-49406 CVE-2022-49407 CVE-2022-49409 CVE-2022-49410 CVE-2022-49411 CVE-2022-49412 CVE-2022-49413 CVE-2022-49414 CVE-2022-49416 CVE-2022-49418 CVE-2022-49419 CVE-2022-49421 CVE-2022-49422 CVE-2022-49424 CVE-2022-49426 CVE-2022-49427 CVE-2022-49429 CVE-2022-49430 CVE-2022-49431 CVE-2022-49432 CVE-2022-49433 CVE-2022-49434 CVE-2022-49435 CVE-2022-49436 CVE-2022-49437 CVE-2022-49438 CVE-2022-49440 CVE-2022-49441 CVE-2022-49442 CVE-2022-49443 CVE-2022-49444 CVE-2022-49445 CVE-2022-49446 CVE-2022-49447 CVE-2022-49448 CVE-2022-49449 CVE-2022-49451 CVE-2022-49453 CVE-2022-49455 CVE-2022-49458 CVE-2022-49459 CVE-2022-49460 CVE-2022-49462 CVE-2022-49463 CVE-2022-49465 CVE-2022-49466 CVE-2022-49467 CVE-2022-49468 CVE-2022-49470 CVE-2022-49472 CVE-2022-49473 CVE-2022-49474 CVE-2022-49475 CVE-2022-49476 CVE-2022-49477 CVE-2022-49478 CVE-2022-49479 CVE-2022-49480 CVE-2022-49481 CVE-2022-49482 CVE-2022-49483 CVE-2022-49484 CVE-2022-49485 CVE-2022-49486 CVE-2022-49487 CVE-2022-49488 CVE-2022-49489 CVE-2022-49490 CVE-2022-49491 CVE-2022-49492 CVE-2022-49493 CVE-2022-49494 CVE-2022-49495 CVE-2022-49497 CVE-2022-49498 CVE-2022-49499 CVE-2022-49501 CVE-2022-49502 CVE-2022-49503 CVE-2022-49504 CVE-2022-49505 CVE-2022-49506 CVE-2022-49507 CVE-2022-49508 CVE-2022-49509 CVE-2022-49510 CVE-2022-49511 CVE-2022-49512 CVE-2022-49514 CVE-2022-49515 CVE-2022-49516 CVE-2022-49517 CVE-2022-49518 CVE-2022-49519 CVE-2022-49520 CVE-2022-49521 CVE-2022-49522 CVE-2022-49523 CVE-2022-49524 CVE-2022-49525 CVE-2022-49526 CVE-2022-49527 CVE-2022-49529 CVE-2022-49530 CVE-2022-49532 CVE-2022-49533 CVE-2022-49534 CVE-2022-49535 CVE-2022-49536 CVE-2022-49537 CVE-2022-49538 CVE-2022-49541 CVE-2022-49542 CVE-2022-49543 CVE-2022-49544 CVE-2022-49545 CVE-2022-49546 CVE-2022-49548 CVE-2022-49549 CVE-2022-49551 CVE-2022-49552 CVE-2022-49555 CVE-2022-49556 CVE-2022-49559 CVE-2022-49560 CVE-2022-49562 CVE-2022-49563 CVE-2022-49564 CVE-2022-49565 CVE-2022-49566 CVE-2022-49568 CVE-2022-49569 CVE-2022-49570 CVE-2022-49579 CVE-2022-49581 CVE-2022-49583 CVE-2022-49584 CVE-2022-49591 CVE-2022-49592 CVE-2022-49603 CVE-2022-49605 CVE-2022-49606 CVE-2022-49607 CVE-2022-49609 CVE-2022-49610 CVE-2022-49611 CVE-2022-49613 CVE-2022-49615 CVE-2022-49616 CVE-2022-49617 CVE-2022-49618 CVE-2022-49621 CVE-2022-49623 CVE-2022-49624 CVE-2022-49625 CVE-2022-49626 CVE-2022-49627 CVE-2022-49628 CVE-2022-49631 CVE-2022-49634 CVE-2022-49635 CVE-2022-49638 CVE-2022-49640 CVE-2022-49641 CVE-2022-49642 CVE-2022-49643 CVE-2022-49644 CVE-2022-49645 CVE-2022-49646 CVE-2022-49647 CVE-2022-49648 CVE-2022-49649 CVE-2022-49650 CVE-2022-49652 CVE-2022-49653 CVE-2022-49655 CVE-2022-49656 CVE-2022-49657 CVE-2022-49658 CVE-2022-49661 CVE-2022-49663 CVE-2022-49665 CVE-2022-49667 CVE-2022-49668 CVE-2022-49670 CVE-2022-49671 CVE-2022-49672 CVE-2022-49673 CVE-2022-49674 CVE-2022-49675 CVE-2022-49676 CVE-2022-49677 CVE-2022-49678 CVE-2022-49679 CVE-2022-49680 CVE-2022-49683 CVE-2022-49685 CVE-2022-49686 CVE-2022-49687 CVE-2022-49688 CVE-2022-49693 CVE-2022-49694 CVE-2022-49695 CVE-2022-49697 CVE-2022-49699 CVE-2022-49700 CVE-2022-49701 CVE-2022-49703 CVE-2022-49704 CVE-2022-49705 CVE-2022-49707 CVE-2022-49708 CVE-2022-49710 CVE-2022-49711 CVE-2022-49712 CVE-2022-49713 CVE-2022-49714 CVE-2022-49715 CVE-2022-49716 CVE-2022-49719 CVE-2022-49720 CVE-2022-49721 CVE-2022-49722 CVE-2022-49723 CVE-2022-49724 CVE-2022-49725 CVE-2022-49726 CVE-2022-49729 CVE-2022-49730 CVE-2022-49731 CVE-2022-49732 CVE-2022-49733 CVE-2022-49739 CVE-2022-49746 CVE-2022-49748 CVE-2022-49751 CVE-2022-49753 CVE-2022-49755 CVE-2022-49759 CVE-2023-0179 CVE-2023-1192 CVE-2023-1652 CVE-2023-2162 CVE-2023-28410 CVE-2023-3567 CVE-2023-4016 CVE-2023-52572 CVE-2023-52930 CVE-2023-52933 CVE-2023-52935 CVE-2023-52939 CVE-2023-52941 CVE-2023-52973 CVE-2023-52974 CVE-2023-52975 CVE-2023-52976 CVE-2023-52979 CVE-2023-52983 CVE-2023-52984 CVE-2023-52988 CVE-2023-52989 CVE-2023-52992 CVE-2023-52993 CVE-2023-53000 CVE-2023-53005 CVE-2023-53006 CVE-2023-53007 CVE-2023-53008 CVE-2023-53010 CVE-2023-53015 CVE-2023-53016 CVE-2023-53019 CVE-2023-53023 CVE-2023-53024 CVE-2023-53025 CVE-2023-53026 CVE-2023-53028 CVE-2023-53029 CVE-2023-53030 CVE-2023-53033 CVE-2024-10041 CVE-2024-10041 CVE-2024-11168 CVE-2024-12133 CVE-2024-12243 CVE-2024-23650 CVE-2024-26634 CVE-2024-26758 CVE-2024-26943 CVE-2024-29018 CVE-2024-29018 CVE-2024-36898 CVE-2024-38599 CVE-2024-40635 CVE-2024-41047 CVE-2024-41110 CVE-2024-43790 CVE-2024-43802 CVE-2024-45019 CVE-2024-45306 CVE-2024-45337 CVE-2024-45339 CVE-2024-45774 CVE-2024-45775 CVE-2024-45776 CVE-2024-45777 CVE-2024-45778 CVE-2024-45779 CVE-2024-45780 CVE-2024-45781 CVE-2024-45782 CVE-2024-45783 CVE-2024-46858 CVE-2024-47678 CVE-2024-50051 CVE-2024-50115 CVE-2024-50136 CVE-2024-50142 CVE-2024-50151 CVE-2024-50195 CVE-2024-50199 CVE-2024-50210 CVE-2024-50275 CVE-2024-50290 CVE-2024-50299 CVE-2024-53063 CVE-2024-53095 CVE-2024-53103 CVE-2024-53104 CVE-2024-53112 CVE-2024-53121 CVE-2024-53124 CVE-2024-53127 CVE-2024-53129 CVE-2024-53135 CVE-2024-53138 CVE-2024-53141 CVE-2024-53144 CVE-2024-53148 CVE-2024-53151 CVE-2024-53166 CVE-2024-53169 CVE-2024-53171 CVE-2024-53173 CVE-2024-53174 CVE-2024-53176 CVE-2024-53177 CVE-2024-53178 CVE-2024-53208 CVE-2024-53209 CVE-2024-53215 CVE-2024-53217 CVE-2024-53224 CVE-2024-53226 CVE-2024-53227 CVE-2024-53229 CVE-2024-53239 CVE-2024-53690 CVE-2024-54680 CVE-2024-55916 CVE-2024-56171 CVE-2024-56531 CVE-2024-56532 CVE-2024-56533 CVE-2024-56539 CVE-2024-56548 CVE-2024-56557 CVE-2024-56558 CVE-2024-56562 CVE-2024-56567 CVE-2024-56588 CVE-2024-56595 CVE-2024-56596 CVE-2024-56597 CVE-2024-56600 CVE-2024-56601 CVE-2024-56602 CVE-2024-56605 CVE-2024-56623 CVE-2024-56629 CVE-2024-56631 CVE-2024-56642 CVE-2024-56644 CVE-2024-56645 CVE-2024-56648 CVE-2024-56650 CVE-2024-56651 CVE-2024-56658 CVE-2024-56661 CVE-2024-56664 CVE-2024-56678 CVE-2024-56681 CVE-2024-56698 CVE-2024-56701 CVE-2024-56704 CVE-2024-56722 CVE-2024-56737 CVE-2024-56739 CVE-2024-56745 CVE-2024-56747 CVE-2024-56754 CVE-2024-56756 CVE-2024-56759 CVE-2024-56765 CVE-2024-56776 CVE-2024-56777 CVE-2024-56778 CVE-2024-57791 CVE-2024-57792 CVE-2024-57793 CVE-2024-57798 CVE-2024-57849 CVE-2024-57850 CVE-2024-57876 CVE-2024-57893 CVE-2024-57897 CVE-2024-57948 CVE-2024-57996 CVE-2024-58013 CVE-2024-58014 CVE-2024-8176 CVE-2024-8805 CVE-2025-0395 CVE-2025-0622 CVE-2025-0624 CVE-2025-0677 CVE-2025-0678 CVE-2025-0684 CVE-2025-0685 CVE-2025-0686 CVE-2025-0689 CVE-2025-0690 CVE-2025-0938 CVE-2025-1118 CVE-2025-1125 CVE-2025-1215 CVE-2025-21647 CVE-2025-21690 CVE-2025-21692 CVE-2025-21693 CVE-2025-21699 CVE-2025-21718 CVE-2025-21772 CVE-2025-21780 CVE-2025-22134 CVE-2025-22868 CVE-2025-22868 CVE-2025-22868 CVE-2025-22869 CVE-2025-2312 CVE-2025-24014 CVE-2025-24928 CVE-2025-2588 CVE-2025-26465 CVE-2025-27113 CVE-2025-27363 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3277 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20250512-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:508-1 Released: Thu Feb 13 12:29:31 2025 Summary: Recommended update for findutils Type: recommended Severity: moderate References: 1231472 This update for findutils fixes the following issue: - fix crash when file system loop was encountered (bsc#1231472). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:548-1 Released: Fri Feb 14 11:19:24 2025 Summary: Security update for libtasn1 Type: security Severity: important References: 1236878,CVE-2024-12133 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:554-1 Released: Fri Feb 14 16:10:40 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1236705,CVE-2025-0938 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:562-1 Released: Mon Feb 17 12:43:41 2025 Summary: Security update for glibc Type: security Severity: low References: 1236282,CVE-2025-0395 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:577-1 Released: Tue Feb 18 13:51:28 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1216813,1223384,1225736,1226848,1226980,1228537,1228592,1230341,1230432,1230527,1230697,1231088,1231847,1232914,1233028,1233055,1233097,1233103,1233112,1233464,1233488,1233642,1233778,1234024,1234025,1234078,1234087,1234153,1234155,1234223,1234381,1234683,1234690,1234825,1234829,1234832,1234884,1234889,1234896,1234899,1234900,1234905,1234909,1234916,1234918,1234922,1234930,1234931,1234934,1234962,1234999,1235002,1235009,1235011,1235053,1235057,1235059,1235100,1235122,1235123,1235133,1235134,1235217,1235222,1235230,1235249,1235410,1235430,1235433,1235441,1235451,1235458,1235466,1235473,1235480,1235491,1235495,1235496,1235521,1235557,1235563,1235570,1235584,1235611,1235635,1235641,1235643,1235645,1235647,1235723,1235739,1235747,1235759,1235764,1235768,1235806,1235812,1235814,1235818,1235842,1235920,1235969,1236628,CVE-2024-26758,CVE-2024-26943,CVE-2024-36898,CVE-2024-38599,CVE-2024-41047,CVE-2024-45019,CVE-2024-46858,CVE-2024-50051,CVE-2024-50136,CVE-2024-50142,CVE -2024-50151,CVE-2024-50195,CVE-2024-50199,CVE-2024-50210,CVE-2024-50275,CVE-2024-50299,CVE-2024-53095,CVE-2024-53103,CVE-2024-53104,CVE-2024-53112,CVE-2024-53121,CVE-2024-53127,CVE-2024-53129,CVE-2024-53138,CVE-2024-53141,CVE-2024-53144,CVE-2024-53148,CVE-2024-53151,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53174,CVE-2024-53177,CVE-2024-53208,CVE-2024-53209,CVE-2024-53215,CVE-2024-53217,CVE-2024-53224,CVE-2024-53227,CVE-2024-53229,CVE-2024-53690,CVE-2024-54680,CVE-2024-55916,CVE-2024-56531,CVE-2024-56532,CVE-2024-56533,CVE-2024-56557,CVE-2024-56558,CVE-2024-56562,CVE-2024-56567,CVE-2024-56588,CVE-2024-56595,CVE-2024-56596,CVE-2024-56597,CVE-2024-56600,CVE-2024-56601,CVE-2024-56602,CVE-2024-56623,CVE-2024-56629,CVE-2024-56631,CVE-2024-56642,CVE-2024-56644,CVE-2024-56645,CVE-2024-56648,CVE-2024-56650,CVE-2024-56658,CVE-2024-56661,CVE-2024-56664,CVE-2024-56678,CVE-2024-56681,CVE-2024-56698,CVE-2024-56701,CVE-2024-56704,CVE-2024-56722,CVE-2024-56739,CVE-2024-56745,CVE-2024-5 6747,CVE-2024-56754,CVE-2024-56756,CVE-2024-56759,CVE-2024-56765,CVE-2024-56776,CVE-2024-56777,CVE-2024-56778,CVE-2024-57791,CVE-2024-57792,CVE-2024-57793,CVE-2024-57798,CVE-2024-57849,CVE-2024-57850,CVE-2024-57876,CVE-2024-57893,CVE-2024-57897,CVE-2024-8805 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433). - CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818). - CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814). - CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806). - CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920). - CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969). The following non-security bugs were fixed: - NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847). - NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847). - NFS: Improve heuristic for readdirplus (bsc#1231847). - NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:587-1 Released: Wed Feb 19 08:29:17 2025 Summary: Security update for grub2 Type: security Severity: important References: 1233606,1233608,1233609,1233610,1233612,1233613,1233614,1233615,1233616,1233617,1234958,1236316,1236317,1237002,1237006,1237008,1237009,1237010,1237011,1237012,1237013,1237014,CVE-2024-45774,CVE-2024-45775,CVE-2024-45776,CVE-2024-45777,CVE-2024-45778,CVE-2024-45779,CVE-2024-45780,CVE-2024-45781,CVE-2024-45782,CVE-2024-45783,CVE-2024-56737,CVE-2025-0622,CVE-2025-0624,CVE-2025-0677,CVE-2025-0678,CVE-2025-0684,CVE-2025-0685,CVE-2025-0686,CVE-2025-0689,CVE-2025-0690,CVE-2025-1118,CVE-2025-1125 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:605-1 Released: Thu Feb 20 15:42:48 2025 Summary: Security update for openssh Type: security Severity: moderate References: 1237040,CVE-2025-26465 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:611-1 Released: Fri Feb 21 11:36:56 2025 Summary: Security update for google-osconfig-agent Type: security Severity: important References: 1236560,CVE-2024-45339 This update for google-osconfig-agent fixes the following issues: - CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. (bsc#1236560) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:677-1 Released: Mon Feb 24 11:59:00 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1228434,1236384,1236820,1236939,1236983 This update for libzypp, zypper fixes the following issues: - Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) - Drop zypp-CheckAccessDeleted in favor of 'zypper ps' - Fix Repoverification plugin not being executed - Refresh: Fetch the master index file before key and signature (bsc#1236820) - Deprecate RepoReports we do not trigger - Let zypper dup fail in case of (temporarily) unaccessible repos (bsc#1228434, bsc#1236939) - New system-architecture command (bsc#1236384) - Change versioncmp command to return exit code according to the comparison result ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:723-1 Released: Wed Feb 26 14:29:39 2025 Summary: Security update for vim Type: security Severity: moderate References: 1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:746-1 Released: Fri Feb 28 17:10:22 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1237363,1237370,1237418,CVE-2024-56171,CVE-2025-24928,CVE-2025-27113 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:759-1 Released: Mon Mar 3 04:44:21 2025 Summary: Recommended update for google-guest-agent Type: recommended Severity: moderate References: 1231775,1231776,1235664,1236403 This update for google-guest-agent fixes the following issues: google-guest-agent was updated from version 20241011.01 to 20250116.00: - Version 20250116.00 (bsc#1236403): * Implemented support for vlan dynamic removal * Update logging library - Version 20241209.01 (bsc#1235664): * Avoid changing permissions of directory if parent is `/` * Fixed fallback from systemd-networkd to dhclient * network: fixed nmcli check pattern * network: force NetworkManager to connect to primary nic * Updated metadata script runner to honor cloud logging config flag * Updated README.md with note regarding the introduction of Agent Plugin Manager - Version 20241018.01 (bsc#1231775, bsc#1231776): * Implemented support for Agent Plugin Manager to manage plugins via a systemd service file. * documentation: Updated metadata script runner details ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:765-1 Released: Mon Mar 3 09:44:13 2025 Summary: Security update for gnutls Type: security Severity: moderate References: 1236974,CVE-2024-12243 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:776-1 Released: Tue Mar 4 15:55:35 2025 Summary: Security update for docker Type: security Severity: moderate References: 1234089,1237335,CVE-2024-29018 This update for docker fixes the following issues: Update to Docker 27.5.1-ce (bsc#1237335): - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:829-1 Released: Tue Mar 11 08:36:43 2025 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1233137 This update for kdump fixes the following issue: - Fix filtering ReadOnly keys in kdump_bond_config (bsc#1233137). kdump fails to bring network due to bad bond config ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:830-1 Released: Tue Mar 11 09:55:10 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to 2025a: * Paraguay adopts permanent -03 starting spring 2024 * Improve pre-1991 data for the Philippines * Etc/Unknown is now reserved * Improve historical data for Mexico, Mongolia, and Portugal * System V names are now obsolescent * The main data form now uses %z * The code now conforms to RFC 8536 for early timestamps * Support POSIX.1-2024, which removes asctime_r and ctime_r * Assume POSIX.2-1992 or later for shell scripts * SUPPORT_C89 now defaults to 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:833-1 Released: Tue Mar 11 11:53:19 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1208995,1220946,1225742,1232472,1232919,1233701,1233749,1234154,1234650,1234853,1234891,1234963,1235054,1235061,1235073,1235111,1236133,1236289,1236576,1236661,1236677,1236757,1236758,1236760,1236761,1236777,1236951,1237025,1237028,1237139,1237316,1237693,1238033,CVE-2022-49080,CVE-2023-1192,CVE-2023-52572,CVE-2024-50115,CVE-2024-53135,CVE-2024-53173,CVE-2024-53226,CVE-2024-53239,CVE-2024-56539,CVE-2024-56548,CVE-2024-56605,CVE-2024-57948,CVE-2025-21647,CVE-2025-21690,CVE-2025-21692,CVE-2025-21699 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576) - CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139). The following non-security bugs were fixed: - cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777). - iavf: fix the waiting time for initial reset (bsc#1235111). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111). - idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316). - ipv4/tcp: do not use per netns ctl sockets (bsc#1237693). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: introduce a function to check if a netdev name is in use (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: minor __dev_alloc_name() optimization (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - nfsd: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472). - rcu: Remove rcu_is_idle_cpu() (bsc#1236289). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289). - x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289). - x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289). - x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289). - x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289). - x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289). - x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289). - x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289). - x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289). - x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289). - x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289). - x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (bsc#1236951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:838-1 Released: Tue Mar 11 13:11:21 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1189788,1216091,1236481,1237044 This update for libzypp, zypper fixes the following issues: - Disable zypp.conf:download.use_deltarpm by default Measurements show that you don't benefit from using deltarpms unless your network connection is very slow. That's why most distributions even stop offering deltarpms. The default remains unchanged on SUSE-15.6 and older. - Make sure repo variables are evaluated in the right context (bsc#1237044) - Introducing MediaCurl2 a alternative HTTP backend. This patch adds MediaCurl2 as a testbed for experimenting with a more simple way to download files. Set ZYPP_CURL2=1 in the environment to use it. - Filesystem usrmerge must not be done in singletrans mode (bsc#1236481, bsc#1189788) - Commit will amend the backend in case the transaction would perform a filesystem usrmerge. - Workaround bsc#1216091 on Code16. - Annonunce --root in commands not launching a Target (bsc#1237044) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:934-1 Released: Wed Mar 19 11:08:10 2025 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1237865 This update for grub2 fixes the following issues: - Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:998-1 Released: Tue Mar 25 03:07:02 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1239465,CVE-2025-27363 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1005-1 Released: Tue Mar 25 09:43:18 2025 Summary: Security update for google-guest-agent Type: security Severity: important References: 1239197,CVE-2025-22868 This update for google-guest-agent fixes the following issues: - CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1006-1 Released: Tue Mar 25 09:43:55 2025 Summary: Security update for google-osconfig-agent Type: security Severity: important References: 1239197,CVE-2025-22868 This update for google-osconfig-agent fixes the following issues: - CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1035-1 Released: Thu Mar 27 10:34:01 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1236779,1237294 This update for suse-build-key fixes the following issues: - Changed and extented the SUSE Linux Enterprise 15 and 16 signing keys to use SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321) - gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc - gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc - suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1056-1 Released: Fri Mar 28 18:06:22 2025 Summary: Security update for python3 Type: security Severity: moderate References: 1233307,CVE-2024-11168 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1062-1 Released: Mon Mar 31 10:45:08 2025 Summary: Security update for docker, docker-stable Type: security Severity: important References: 1237367,1239185,1239322,CVE-2024-23650,CVE-2024-29018,CVE-2024-41110,CVE-2025-22868,CVE-2025-22869 This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). Other fixes: - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1063-1 Released: Mon Mar 31 11:04:42 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1234452 This update for apparmor fixes the following issues: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1130-1 Released: Thu Apr 3 15:08:55 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1234798,1240009,1240343 This update for ca-certificates-mozilla fixes the following issues: Update to 2.74 state of Mozilla SSL root CAs: - Removed: * SwissSign Silver CA - G2 - Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798): - Removed: * SecureSign RootCA11 * Security Communication RootCA3 - Added: * TWCA CYBER Root CA * TWCA Global Root CA G2 * SecureSign Root CA12 * SecureSign Root CA14 * SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1143-1 Released: Fri Apr 4 15:31:17 2025 Summary: Security update for google-guest-agent Type: security Severity: important References: 1234563,1239763,1239866,CVE-2024-45337 This update for google-guest-agent fixes the following issues: - CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563). Other fixes: - Updated to version 20250327.01 (bsc#1239763, bsc#1239866) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) - from version 20250327.00 * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert 'oslogin: Correctly handle newlines at the end of modified files (#520)' (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert 'Revert bundling new binaries in the package (#509)' (#511) - from version 20250326.00 * Re-enable disabled services if the core plugin was enabled (#521) - from version 20250324.00 * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert 'Revert bundling new binaries in the package (#509)' (#511) * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250317.00 * Revert 'Revert bundling new binaries in the package (#509)' (#511) * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250312.00 * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Update crypto library to fix CVE-2024-45337 (#499) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250305.00 * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250304.01 * Fix typo in windows build script (#501) - from version 20250214.01 * Include core plugin binary for all packages (#500) - from version 20250214.00 * Update crypto library to fix CVE-2024-45337 (#499) - from version 20250212.00 * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) - from version 20250211.00 * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250207.00 * vlan: toggle vlan configuration in debian packaging (#495) * vlan: move config out of unstable section (#494) * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493) * Include interfaces in lists even if it has an invalid MAC. (#489) * Fix windows package build failures (#491) * vlan: don't index based on the vlan ID (#486) * Revert PR #482 (#488) * Remove Amy and Zach from OWNERS (#487) * Skip interfaces in interfaceNames() instead of erroring if there is an (#482) * Fix Debian packaging if guest agent manager is not checked out (#485) - from version 20250204.02 * force concourse to move version forward. - from version 20250204.01 * vlan: toggle vlan configuration in debian packaging (#495) - from version 20250204.00 * vlan: move config out of unstable section (#494) * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493) - from version 20250203.01 * Include interfaces in lists even if it has an invalid MAC. (#489) - from version 20250203.00 * Fix windows package build failures (#491) * vlan: don't index based on the vlan ID (#486) * Revert PR #482 (#488) * Remove Amy and Zach from OWNERS (#487) * Skip interfaces in interfaceNames() instead of erroring if there is an (#482) * Fix Debian packaging if guest agent manager is not checked out (#485) - from version 20250122.00 * networkd(vlan): remove the interface in addition to config (#468) * Implement support for vlan dynamic removal, update dhclient to remove only if configured (#465) * Update logging library (#479) * Remove Pat from owners file. (#478) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1145-1 Released: Mon Apr 7 06:41:42 2025 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1223330,1239663 This update for hwinfo fixes the following issues: - Avoid reporting of spurious usb storage devices (bsc#1223330) - Do not overdo usb device de-duplication (bsc#1239663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1161-1 Released: Mon Apr 7 17:29:45 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1235751 This update for vim fixes the following issues: - Regression patch to fix (bsc#1235751). - Version update 9.1.1176 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1191-1 Released: Thu Apr 10 06:57:45 2025 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1211547,1213291,1214713,1216049,1216146,1216147,1216150,1216151,1216228,1216229,1216230,1216231,1216232,1216233,1216241,1216388,1216522,1216827,1217287,1218201,1218282,1218324,1218812,1218814,1219241,1219639,1222021,1222650,1222896,1227127,1228265,1230371,1231396,1231423,1231838,1233726 This update for supportutils fixes the following issues: - Version update 3.2.10, bugfixing. + Collect firewalld configuration + Ignore tasks/threads to prevent collecting duplicate data (bsc#1230371). + openldap2_5 support for SLES (bsc#1231838). + Added dbus_info for dbus.txt (bsc#1222650). + Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221). + Corrected display issues (bsc#1231396, bsc#1217287). + NFS takes too long, showmount times out (bsc#1231423). + Merged sle15 and master branches (bsc#1233726, PED-11669). + Extended scaling for performance (bsc#1214713). + Corrected SLE Micro version (bsc#1219241). + Check nvidida-persistenced state (bsc#1219639). + Corrected podman .ID error (bsc#1218812). + Remove duplicate non-root podman users (bsc#1218814). + Fixed smart disk error (bsc#1218282). + Fixed ipvsadm logic error (bsc#1218324). + Correctly detects Xen Dom0 (bsc#1218201). + Inhibit the conversion of port numbers to port names for network files. + powerpc: collect rtas_errd.log and lp_diag.log log files. + Get list of pam.d files. + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547). + Optimize lsof usage (bsc#1183663). + Added mokutil commands for secureboot. + ipset - List entries for all sets. + Added nvme-stas configuration to nvme.txt (bsc#1216049). + Collects zypp history file (bsc#1216522). + Collect HA related rpm package versions in ha.txt + Change -x OPTION to really be exclude only + Fixed kernel and added user live patching (PED-4524). + Fixed plugins creating empty files (bsc#1216388). + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173). + Added supportutils to current (PED-4456). + Changed config directory to /etc/supportutuils for all conf and header.txt (bsc#1216232). + Fixed supportconfig using external test command (bsc#1216150) and kdump, analyzevmcore errors (bsc#1216146). + Support has been removed for scplugin.rc, use supportconfig.rc (bsc#1216241). + Remove check_service function from supportconfig.rc (bsc#1216231). + Removed older versions of SLES_VER (bsc#1216147). + Added timed command to fs-files.txt (bsc#1216827). + Cron and At are replaced with systemd.timer (bsc#1216229). + Offers apparmor or selinux based on configuration (bsc#1216233). + Filted proc access errors (bsc#1216151). + Remove all SuSE-release references (bsc#1216228). + Remove references to /etc/init.d (bsc#1216230). + Add capability in supportconfig to insert configs in summary.xml from command line option (bsc#1222021). + file sanitizing improvement request for boot (bsc#1227127). + Add 'read_values -s' output to supportconfig on s390x (bsc#1228265). + Usability enhancement for supportconfig (PED-8211). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1201-1 Released: Fri Apr 11 12:15:58 2025 Summary: Security update for expat Type: security Severity: important References: 1239618,CVE-2024-8176 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat. at SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1217-1 Released: Sun Apr 13 12:16:40 2025 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1240343 This update for ca-certificates-mozilla fixes the following issues: - Reenable the distrusted certs for now. as these only distrust 'new issued' certs starting after a certain date, while old certs should still work. (bsc#1240343) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1241-1 Released: Mon Apr 14 12:37:06 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1180814,1183682,1190336,1190768,1190786,1193629,1194869,1194904,1195823,1196444,1197158,1197174,1197227,1197246,1197302,1197331,1197472,1197661,1197926,1198019,1198021,1198240,1198577,1198660,1199657,1200045,1200571,1200807,1200809,1200810,1200824,1200825,1200871,1200872,1201193,1201218,1201323,1201381,1201610,1202672,1202711,1202712,1202771,1202774,1202778,1202781,1203699,1203769,1204171,1205205,1205701,1206048,1206049,1206451,1207034,1207186,1207361,1207593,1207640,1207878,1209262,1209547,1209788,1209980,1210050,1210647,1211263,1213167,1218450,1221651,1225428,1225742,1229312,1231375,1231432,1231854,1232299,1232743,1233479,1233557,1233749,1234074,1234894,1234895,1234896,1235528,1235599,1235870,1237029,1237521,1237530,1237718,1237721,1237722,1237723,1237724,1237725,1237726,1237727,1237728,1237729,1237730,1237733,1237734,1237735,1237736,1237737,1237738,1237739,1237740,1237742,1237743,1237744,1237745,1237746,1237748,1237749,1237751,1237752,1237753,1237755,1237759,1 237761,1237763,1237766,1237767,1237768,1237774,1237775,1237778,1237779,1237780,1237782,1237783,1237784,1237785,1237786,1237787,1237788,1237789,1237790,1237792,1237794,1237795,1237797,1237798,1237799,1237807,1237808,1237809,1237810,1237812,1237813,1237814,1237815,1237816,1237817,1237818,1237820,1237821,1237823,1237824,1237826,1237827,1237829,1237831,1237835,1237836,1237837,1237839,1237840,1237845,1237846,1237868,1237872,1237892,1237903,1237904,1237916,1237918,1237922,1237925,1237926,1237927,1237928,1237929,1237931,1237932,1237933,1237937,1237940,1237941,1237942,1237946,1237951,1237952,1237954,1237955,1237957,1237958,1237959,1237960,1237961,1237962,1237963,1237965,1237966,1237967,1237968,1237969,1237970,1237971,1237972,1237973,1237975,1237976,1237978,1237979,1237980,1237982,1237983,1237984,1237986,1237987,1237990,1237992,1237996,1237997,1237998,1237999,1238000,1238003,1238004,1238005,1238006,1238007,1238009,1238010,1238011,1238012,1238013,1238014,1238016,1238017,1238018,1238019,123802 1,1238022,1238024,1238025,1238030,1238032,1238036,1238037,1238041,1238046,1238047,1238048,1238069,1238071,1238077,1238079,1238080,1238083,1238084,1238085,1238086,1238089,1238090,1238091,1238092,1238096,1238097,1238099,1238103,1238105,1238106,1238107,1238108,1238110,1238111,1238112,1238113,1238114,1238115,1238116,1238118,1238120,1238122,1238123,1238125,1238126,1238127,1238128,1238131,1238134,1238135,1238138,1238139,1238140,1238142,1238144,1238146,1238147,1238149,1238150,1238153,1238155,1238156,1238157,1238158,1238160,1238162,1238166,1238167,1238168,1238169,1238170,1238171,1238172,1238175,1238176,1238177,1238178,1238179,1238180,1238181,1238183,1238184,1238187,1238221,1238222,1238226,1238228,1238229,1238231,1238233,1238234,1238235,1238236,1238238,1238239,1238240,1238241,1238242,1238243,1238244,1238246,1238247,1238248,1238249,1238252,1238253,1238255,1238256,1238257,1238260,1238261,1238262,1238263,1238264,1238266,1238267,1238268,1238269,1238270,1238271,1238272,1238274,1238275,1238276,123 8277,1238278,1238279,1238281,1238282,1238283,1238284,1238285,1238286,1238287,1238288,1238289,1238291,1238292,1238293,1238295,1238298,1238300,1238301,1238302,1238306,1238307,1238308,1238309,1238311,1238313,1238326,1238327,1238328,1238329,1238331,1238333,1238334,1238335,1238336,1238337,1238338,1238339,1238341,1238343,1238344,1238345,1238372,1238373,1238374,1238376,1238377,1238378,1238381,1238382,1238383,1238385,1238386,1238387,1238388,1238389,1238390,1238391,1238392,1238393,1238394,1238395,1238396,1238397,1238398,1238400,1238401,1238410,1238411,1238413,1238415,1238416,1238417,1238418,1238419,1238420,1238422,1238423,1238424,1238428,1238429,1238430,1238431,1238432,1238433,1238434,1238435,1238436,1238437,1238440,1238441,1238442,1238443,1238444,1238445,1238447,1238453,1238454,1238458,1238459,1238462,1238463,1238465,1238467,1238469,1238533,1238536,1238538,1238539,1238540,1238542,1238543,1238546,1238551,1238552,1238556,1238557,1238599,1238600,1238601,1238602,1238605,1238612,1238613,1238615, 1238616,1238617,1238618,1238619,1238621,1238623,1238625,1238626,1238630,1238631,1238632,1238633,1238635,1238636,1238638,1238639,1238640,1238641,1238642,1238643,1238645,1238646,1238647,1238648,1238649,1238650,1238653,1238654,1238655,1238658,1238661,1238662,1238663,1238664,1238666,1238668,1238705,1238707,1238710,1238712,1238718,1238719,1238721,1238722,1238727,1238729,1238750,1238787,1238789,1238792,1238799,1238803,1238804,1238805,1238806,1238808,1238809,1238810,1238811,1238814,1238815,1238816,1238817,1238818,1238819,1238820,1238821,1238822,1238823,1238825,1238830,1238834,1238835,1238836,1238838,1238843,1238867,1238868,1238869,1238870,1238871,1238878,1238889,1238892,1238893,1238897,1238898,1238899,1238902,1238911,1238916,1238919,1238925,1238930,1238933,1238936,1238937,1238938,1238939,1238941,1238942,1238943,1238944,1238945,1238946,1238948,1238949,1238950,1238951,1238952,1238953,1238954,1238956,1238957,1239001,1239004,1239016,1239035,1239040,1239041,1239051,1239060,1239070,1239071,12390 73,1239076,1239095,1239109,1239115,1239126,1239452,1239454,1239968,1239969,1240133,1240205,1240207,1240208,1240210,1240212,1240213,1240218,1240220,1240227,1240229,1240231,1240242,1240245,1240247,1240250,1240254,1240256,1240264,1240266,1240272,1240275,1240276,1240278,1240279,1240280,1240281,1240282,1240283,1240284,1240286,1240288,1240290,1240292,1240293,1240297,1240304,1240308,1240309,1240317,1240318,1240322,CVE-2017-5753,CVE-2021-4453,CVE-2021-4454,CVE-2021-47517,CVE-2021-47631,CVE-2021-47632,CVE-2021-47633,CVE-2021-47635,CVE-2021-47636,CVE-2021-47637,CVE-2021-47638,CVE-2021-47639,CVE-2021-47641,CVE-2021-47642,CVE-2021-47643,CVE-2021-47644,CVE-2021-47645,CVE-2021-47646,CVE-2021-47647,CVE-2021-47648,CVE-2021-47649,CVE-2021-47650,CVE-2021-47651,CVE-2021-47652,CVE-2021-47653,CVE-2021-47654,CVE-2021-47656,CVE-2021-47657,CVE-2021-47659,CVE-2022-0168,CVE-2022-0995,CVE-2022-1016,CVE-2022-1048,CVE-2022-1184,CVE-2022-2977,CVE-2022-29900,CVE-2022-29901,CVE-2022-3303,CVE-2022-3435,CVE-2022-490 44,CVE-2022-49050,CVE-2022-49051,CVE-2022-49053,CVE-2022-49054,CVE-2022-49055,CVE-2022-49056,CVE-2022-49057,CVE-2022-49058,CVE-2022-49059,CVE-2022-49060,CVE-2022-49061,CVE-2022-49062,CVE-2022-49063,CVE-2022-49064,CVE-2022-49065,CVE-2022-49066,CVE-2022-49070,CVE-2022-49071,CVE-2022-49073,CVE-2022-49074,CVE-2022-49075,CVE-2022-49076,CVE-2022-49078,CVE-2022-49082,CVE-2022-49083,CVE-2022-49084,CVE-2022-49085,CVE-2022-49086,CVE-2022-49088,CVE-2022-49089,CVE-2022-49090,CVE-2022-49091,CVE-2022-49092,CVE-2022-49093,CVE-2022-49095,CVE-2022-49096,CVE-2022-49097,CVE-2022-49098,CVE-2022-49099,CVE-2022-49100,CVE-2022-49102,CVE-2022-49103,CVE-2022-49104,CVE-2022-49105,CVE-2022-49106,CVE-2022-49107,CVE-2022-49109,CVE-2022-49111,CVE-2022-49112,CVE-2022-49113,CVE-2022-49114,CVE-2022-49115,CVE-2022-49116,CVE-2022-49118,CVE-2022-49119,CVE-2022-49120,CVE-2022-49121,CVE-2022-49122,CVE-2022-49123,CVE-2022-49125,CVE-2022-49126,CVE-2022-49128,CVE-2022-49129,CVE-2022-49130,CVE-2022-49131,CVE-2022-49132,CVE- 2022-49133,CVE-2022-49134,CVE-2022-49135,CVE-2022-49136,CVE-2022-49137,CVE-2022-49138,CVE-2022-49139,CVE-2022-49144,CVE-2022-49145,CVE-2022-49147,CVE-2022-49148,CVE-2022-49151,CVE-2022-49153,CVE-2022-49154,CVE-2022-49155,CVE-2022-49156,CVE-2022-49157,CVE-2022-49158,CVE-2022-49159,CVE-2022-49160,CVE-2022-49162,CVE-2022-49163,CVE-2022-49164,CVE-2022-49165,CVE-2022-49174,CVE-2022-49175,CVE-2022-49176,CVE-2022-49177,CVE-2022-49178,CVE-2022-49179,CVE-2022-49180,CVE-2022-49182,CVE-2022-49183,CVE-2022-49185,CVE-2022-49187,CVE-2022-49188,CVE-2022-49189,CVE-2022-49192,CVE-2022-49193,CVE-2022-49194,CVE-2022-49196,CVE-2022-49199,CVE-2022-49200,CVE-2022-49201,CVE-2022-49202,CVE-2022-49203,CVE-2022-49204,CVE-2022-49205,CVE-2022-49206,CVE-2022-49207,CVE-2022-49208,CVE-2022-49209,CVE-2022-49212,CVE-2022-49213,CVE-2022-49214,CVE-2022-49215,CVE-2022-49216,CVE-2022-49217,CVE-2022-49218,CVE-2022-49219,CVE-2022-49221,CVE-2022-49222,CVE-2022-49224,CVE-2022-49225,CVE-2022-49226,CVE-2022-49227,CVE-2022-49 228,CVE-2022-49230,CVE-2022-49232,CVE-2022-49233,CVE-2022-49235,CVE-2022-49236,CVE-2022-49237,CVE-2022-49238,CVE-2022-49239,CVE-2022-49241,CVE-2022-49242,CVE-2022-49243,CVE-2022-49244,CVE-2022-49246,CVE-2022-49247,CVE-2022-49248,CVE-2022-49249,CVE-2022-49250,CVE-2022-49251,CVE-2022-49252,CVE-2022-49253,CVE-2022-49254,CVE-2022-49256,CVE-2022-49257,CVE-2022-49258,CVE-2022-49259,CVE-2022-49260,CVE-2022-49261,CVE-2022-49262,CVE-2022-49263,CVE-2022-49264,CVE-2022-49265,CVE-2022-49266,CVE-2022-49268,CVE-2022-49269,CVE-2022-49270,CVE-2022-49271,CVE-2022-49272,CVE-2022-49273,CVE-2022-49274,CVE-2022-49275,CVE-2022-49276,CVE-2022-49277,CVE-2022-49278,CVE-2022-49279,CVE-2022-49280,CVE-2022-49281,CVE-2022-49283,CVE-2022-49285,CVE-2022-49286,CVE-2022-49287,CVE-2022-49288,CVE-2022-49290,CVE-2022-49291,CVE-2022-49292,CVE-2022-49293,CVE-2022-49294,CVE-2022-49295,CVE-2022-49296,CVE-2022-49297,CVE-2022-49298,CVE-2022-49299,CVE-2022-49300,CVE-2022-49301,CVE-2022-49302,CVE-2022-49304,CVE-2022-49305,CVE -2022-49306,CVE-2022-49307,CVE-2022-49308,CVE-2022-49309,CVE-2022-49310,CVE-2022-49311,CVE-2022-49312,CVE-2022-49313,CVE-2022-49314,CVE-2022-49315,CVE-2022-49316,CVE-2022-49319,CVE-2022-49320,CVE-2022-49321,CVE-2022-49322,CVE-2022-49323,CVE-2022-49325,CVE-2022-49326,CVE-2022-49327,CVE-2022-49328,CVE-2022-49329,CVE-2022-49330,CVE-2022-49331,CVE-2022-49332,CVE-2022-49333,CVE-2022-49335,CVE-2022-49336,CVE-2022-49337,CVE-2022-49338,CVE-2022-49339,CVE-2022-49341,CVE-2022-49342,CVE-2022-49343,CVE-2022-49345,CVE-2022-49346,CVE-2022-49347,CVE-2022-49348,CVE-2022-49349,CVE-2022-49350,CVE-2022-49351,CVE-2022-49352,CVE-2022-49353,CVE-2022-49354,CVE-2022-49356,CVE-2022-49357,CVE-2022-49359,CVE-2022-49362,CVE-2022-49365,CVE-2022-49367,CVE-2022-49368,CVE-2022-49370,CVE-2022-49371,CVE-2022-49373,CVE-2022-49375,CVE-2022-49376,CVE-2022-49377,CVE-2022-49378,CVE-2022-49379,CVE-2022-49381,CVE-2022-49382,CVE-2022-49384,CVE-2022-49385,CVE-2022-49386,CVE-2022-49389,CVE-2022-49390,CVE-2022-49392,CVE-2022-4 9394,CVE-2022-49396,CVE-2022-49397,CVE-2022-49398,CVE-2022-49399,CVE-2022-49400,CVE-2022-49402,CVE-2022-49404,CVE-2022-49406,CVE-2022-49407,CVE-2022-49409,CVE-2022-49410,CVE-2022-49411,CVE-2022-49412,CVE-2022-49413,CVE-2022-49414,CVE-2022-49416,CVE-2022-49418,CVE-2022-49419,CVE-2022-49421,CVE-2022-49422,CVE-2022-49424,CVE-2022-49426,CVE-2022-49427,CVE-2022-49429,CVE-2022-49430,CVE-2022-49431,CVE-2022-49432,CVE-2022-49433,CVE-2022-49434,CVE-2022-49435,CVE-2022-49436,CVE-2022-49437,CVE-2022-49438,CVE-2022-49440,CVE-2022-49441,CVE-2022-49442,CVE-2022-49443,CVE-2022-49444,CVE-2022-49445,CVE-2022-49446,CVE-2022-49447,CVE-2022-49448,CVE-2022-49449,CVE-2022-49451,CVE-2022-49453,CVE-2022-49455,CVE-2022-49458,CVE-2022-49459,CVE-2022-49460,CVE-2022-49462,CVE-2022-49463,CVE-2022-49465,CVE-2022-49466,CVE-2022-49467,CVE-2022-49468,CVE-2022-49470,CVE-2022-49472,CVE-2022-49473,CVE-2022-49474,CVE-2022-49475,CVE-2022-49476,CVE-2022-49477,CVE-2022-49478,CVE-2022-49479,CVE-2022-49480,CVE-2022-49481,CV E-2022-49482,CVE-2022-49483,CVE-2022-49484,CVE-2022-49485,CVE-2022-49486,CVE-2022-49487,CVE-2022-49488,CVE-2022-49489,CVE-2022-49490,CVE-2022-49491,CVE-2022-49492,CVE-2022-49493,CVE-2022-49494,CVE-2022-49495,CVE-2022-49497,CVE-2022-49498,CVE-2022-49499,CVE-2022-49501,CVE-2022-49502,CVE-2022-49503,CVE-2022-49504,CVE-2022-49505,CVE-2022-49506,CVE-2022-49507,CVE-2022-49508,CVE-2022-49509,CVE-2022-49510,CVE-2022-49511,CVE-2022-49512,CVE-2022-49514,CVE-2022-49515,CVE-2022-49516,CVE-2022-49517,CVE-2022-49518,CVE-2022-49519,CVE-2022-49520,CVE-2022-49521,CVE-2022-49522,CVE-2022-49523,CVE-2022-49524,CVE-2022-49525,CVE-2022-49526,CVE-2022-49527,CVE-2022-49529,CVE-2022-49530,CVE-2022-49532,CVE-2022-49533,CVE-2022-49534,CVE-2022-49535,CVE-2022-49536,CVE-2022-49537,CVE-2022-49538,CVE-2022-49541,CVE-2022-49542,CVE-2022-49543,CVE-2022-49544,CVE-2022-49545,CVE-2022-49546,CVE-2022-49548,CVE-2022-49549,CVE-2022-49551,CVE-2022-49552,CVE-2022-49555,CVE-2022-49556,CVE-2022-49559,CVE-2022-49560,CVE-2022- 49562,CVE-2022-49563,CVE-2022-49564,CVE-2022-49565,CVE-2022-49566,CVE-2022-49568,CVE-2022-49569,CVE-2022-49570,CVE-2022-49579,CVE-2022-49581,CVE-2022-49583,CVE-2022-49584,CVE-2022-49591,CVE-2022-49592,CVE-2022-49603,CVE-2022-49605,CVE-2022-49606,CVE-2022-49607,CVE-2022-49609,CVE-2022-49610,CVE-2022-49611,CVE-2022-49613,CVE-2022-49615,CVE-2022-49616,CVE-2022-49617,CVE-2022-49618,CVE-2022-49621,CVE-2022-49623,CVE-2022-49624,CVE-2022-49625,CVE-2022-49626,CVE-2022-49627,CVE-2022-49628,CVE-2022-49631,CVE-2022-49634,CVE-2022-49635,CVE-2022-49638,CVE-2022-49640,CVE-2022-49641,CVE-2022-49642,CVE-2022-49643,CVE-2022-49644,CVE-2022-49645,CVE-2022-49646,CVE-2022-49647,CVE-2022-49648,CVE-2022-49649,CVE-2022-49650,CVE-2022-49652,CVE-2022-49653,CVE-2022-49655,CVE-2022-49656,CVE-2022-49657,CVE-2022-49658,CVE-2022-49661,CVE-2022-49663,CVE-2022-49665,CVE-2022-49667,CVE-2022-49668,CVE-2022-49670,CVE-2022-49671,CVE-2022-49672,CVE-2022-49673,CVE-2022-49674,CVE-2022-49675,CVE-2022-49676,CVE-2022-49677,C VE-2022-49678,CVE-2022-49679,CVE-2022-49680,CVE-2022-49683,CVE-2022-49685,CVE-2022-49686,CVE-2022-49687,CVE-2022-49688,CVE-2022-49693,CVE-2022-49694,CVE-2022-49695,CVE-2022-49697,CVE-2022-49699,CVE-2022-49700,CVE-2022-49701,CVE-2022-49703,CVE-2022-49704,CVE-2022-49705,CVE-2022-49707,CVE-2022-49708,CVE-2022-49710,CVE-2022-49711,CVE-2022-49712,CVE-2022-49713,CVE-2022-49714,CVE-2022-49715,CVE-2022-49716,CVE-2022-49719,CVE-2022-49720,CVE-2022-49721,CVE-2022-49722,CVE-2022-49723,CVE-2022-49724,CVE-2022-49725,CVE-2022-49726,CVE-2022-49729,CVE-2022-49730,CVE-2022-49731,CVE-2022-49732,CVE-2022-49733,CVE-2022-49739,CVE-2022-49746,CVE-2022-49748,CVE-2022-49751,CVE-2022-49753,CVE-2022-49755,CVE-2022-49759,CVE-2023-0179,CVE-2023-1652,CVE-2023-2162,CVE-2023-28410,CVE-2023-3567,CVE-2023-52930,CVE-2023-52933,CVE-2023-52935,CVE-2023-52939,CVE-2023-52941,CVE-2023-52973,CVE-2023-52974,CVE-2023-52975,CVE-2023-52976,CVE-2023-52979,CVE-2023-52983,CVE-2023-52984,CVE-2023-52988,CVE-2023-52989,CVE-2023-529 92,CVE-2023-52993,CVE-2023-53000,CVE-2023-53005,CVE-2023-53006,CVE-2023-53007,CVE-2023-53008,CVE-2023-53010,CVE-2023-53015,CVE-2023-53016,CVE-2023-53019,CVE-2023-53023,CVE-2023-53024,CVE-2023-53025,CVE-2023-53026,CVE-2023-53028,CVE-2023-53029,CVE-2023-53030,CVE-2023-53033,CVE-2024-26634,CVE-2024-47678,CVE-2024-50290,CVE-2024-53063,CVE-2024-53124,CVE-2024-53176,CVE-2024-53178,CVE-2024-56651,CVE-2024-57996,CVE-2024-58013,CVE-2024-58014,CVE-2025-21693,CVE-2025-21718,CVE-2025-21772,CVE-2025-21780 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918). - CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919). - CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207). - CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239095). - CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073). - CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911). - CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115). The following non-security bugs were fixed: - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969). - btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969). - cifs: Add a laundromat thread for cached directories (git-fixes). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (git-fixes). - gfs2: Fix inode height consistency check (git-fixes). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Support holes in device list reply msg (bsc#1240133). - RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - smb: client: disable directory caching when dir_cache_timeout is zero (git-fixes). - smb: client: do not start laundromat thread on nohandlecache (git-fixes). - smb: client: make laundromat a delayed worker (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes). - smb3: do not start laundromat thread when dir leases disabled (git-fixes). - smb3: retrying on failed server close (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1242-1 Released: Mon Apr 14 12:43:18 2025 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1235481,1236033 This update for aaa_base fixes the following issues: - SP6 logrotate and rcsyslog binary (bsc#1236033) - Update detection for systemd in rc.status - Mountpoint for cgroup changed with cgroup2 - If a user switches the login shell respect the already set PATH environment (bsc#1235481) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1292-1 Released: Wed Apr 16 09:49:17 2025 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Version update 2025b * New zone for Aysen Region in Chile (America/Coyhaique) which moves from -04/-03 to -03 - Refresh patches for philippines historical data and china tzdata ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1334-1 Released: Thu Apr 17 09:03:05 2025 Summary: Security update for pam Type: security Severity: moderate References: 1232234,CVE-2024-10041 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1345-1 Released: Thu Apr 17 17:14:27 2025 Summary: Security update for containerd Type: security Severity: moderate References: 1239749,CVE-2024-40635 This update for containerd fixes the following issues: - CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) Other fixes: - Update to containerd v1.7.27. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1354-1 Released: Tue Apr 22 05:14:53 2025 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1234383 This update for iproute2 fixes the following issues: - Avoid false cgroup warnings (bsc#1234383) ----------------------------------------------------------------- Advisory ID: 38402 Released: Fri Apr 25 11:05:30 2025 Summary: Recommended update for freetype2 Type: recommended Severity: important References: This update for freetype2 fixes the following issue: - enable brotli support (jsc#PED-12258) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1371-1 Released: Fri Apr 25 12:02:27 2025 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1232234,1234452 This update for apparmor fixes the following issues: - Allow pam_unix to execute unix_chkpwd with abi/3.0 (bsc#1234452, bsc#1232234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1381-1 Released: Mon Apr 28 09:37:03 2025 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1239680,CVE-2025-2312 This update for cifs-utils fixes the following issues: - CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials (bsc#1239680) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1413-1 Released: Wed Apr 30 08:59:04 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1438-1 Released: Fri May 2 15:44:07 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1446-1 Released: Mon May 5 08:04:03 2025 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1216938 This update for lvm2 fixes the following issues: - LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938) * set lvm.conf devices.multipath_wwids_file='' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1456-1 Released: Wed May 7 17:13:32 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1512-1 Released: Wed May 7 21:36:27 2025 Summary: Security update for apparmor Type: security Severity: moderate References: 1241678,CVE-2024-10041 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.28.2 updated - apparmor-abstractions-3.0.4-150500.11.18.1 updated - apparmor-parser-3.0.4-150500.11.18.1 updated - ca-certificates-mozilla-2.74-150200.41.1 updated - cifs-utils-6.15-150400.3.12.1 updated - containerd-ctr-1.7.27-150000.123.1 updated - containerd-1.7.27-150000.123.1 updated - docker-27.5.1_ce-150000.218.1 updated - findutils-4.8.0-150300.3.3.2 updated - glibc-locale-base-2.31-150300.92.1 updated - glibc-locale-2.31-150300.92.1 updated - glibc-2.31-150300.92.1 updated - google-guest-agent-20250327.01-150000.1.60.1 updated - google-guest-oslogin-20240311.00-150000.1.50.1 updated - google-osconfig-agent-20250115.01-150000.1.47.1 updated - grub2-i386-pc-2.06-150500.29.46.2 updated - grub2-x86_64-efi-2.06-150500.29.46.2 updated - grub2-2.06-150500.29.46.2 updated - hwinfo-21.87-150500.3.6.1 updated - iproute2-5.14-150400.3.3.1 updated - kdump-1.0.2+git48.g64445e1-150500.3.9.2 updated - kernel-default-5.14.21-150500.55.100.1 updated - libapparmor1-3.0.4-150500.11.18.1 updated - libaugeas0-1.12.0-150400.3.8.1 updated - libdevmapper1_03-2.03.22_1.02.196-150500.7.15.1 updated - libexpat1-2.7.1-150400.3.28.1 updated - libfreetype6-2.10.4-150000.4.22.1 updated - libgnutls30-3.7.3-150400.4.47.1 updated - libprocps8-3.3.17-150000.7.42.1 updated - libpython3_6m1_0-3.6.15-150300.10.84.1 updated - libsqlite3-0-3.49.1-150000.3.27.1 updated - libtasn1-6-4.13-150000.4.11.1 updated - libtasn1-4.13-150000.4.11.1 updated - libxml2-2-2.10.3-150500.5.26.1 updated - libzypp-17.36.3-150500.6.42.1 updated - openssh-clients-8.4p1-150300.3.42.1 updated - openssh-common-8.4p1-150300.3.42.1 updated - openssh-server-8.4p1-150300.3.42.1 updated - openssh-8.4p1-150300.3.42.1 updated - pam-1.3.0-150000.6.76.1 updated - procps-3.3.17-150000.7.42.1 updated - python3-base-3.6.15-150300.10.84.1 updated - python3-3.6.15-150300.10.84.1 updated - supportutils-3.2.10-150300.7.35.36.4 updated - suse-build-key-12.0-150000.8.58.1 updated - timezone-2025b-150000.75.34.2 updated - vim-data-common-9.1.1176-150500.20.24.2 updated - vim-9.1.1176-150500.20.24.2 updated - zypper-1.14.85-150500.6.26.1 updated - libxslt1-1.1.34-150400.3.3.1 removed - python-instance-billing-flavor-check-0.1.2-150000.1.17.1 removed - python3-apipkg-2.1.0-150500.1.1 removed - python3-asn1crypto-0.24.0-3.2.1 removed - python3-certifi-2018.1.18-150000.3.3.1 removed - python3-cffi-1.13.2-3.2.5 removed - python3-chardet-3.0.4-150000.5.3.1 removed - python3-cryptography-3.3.2-150400.23.1 removed - python3-cssselect-1.0.3-150400.3.7.4 removed - python3-idna-2.6-150000.3.3.1 removed - python3-iniconfig-1.1.1-150000.1.11.1 removed - python3-lxml-4.9.1-150500.3.4.3 removed - python3-py-1.10.0-150100.5.12.1 removed - python3-pyOpenSSL-21.0.0-150400.7.62 removed - python3-pyasn1-0.4.2-150000.3.5.1 removed - python3-pycparser-2.17-3.2.1 removed - python3-requests-2.25.1-150300.3.12.2 removed - python3-urllib3-1.25.10-150300.4.12.1 removed From sle-container-updates at lists.suse.com Fri May 23 07:11:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 23 May 2025 09:11:59 +0200 (CEST) Subject: SUSE-IU-2025:1393-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250523071159.0825BF783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1393-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.33 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.33 Severity : important Type : security References : 1215199 1223809 1224013 1224597 1224757 1228659 1230764 1231103 1232493 1233075 1233098 1235501 1235526 1236086 1236704 1237111 1238212 1238471 1238527 1238714 1238737 1238742 1238745 1238862 1238961 1238983 1239079 1239108 1239470 1239476 1239487 1239510 1239997 1240181 1240557 1240576 1240655 1240709 1240712 1240713 1240717 1240740 1240785 1240802 1240809 1240811 1240835 1240934 1240936 1240944 1241010 1241038 1241051 1241123 1241151 1241167 1241175 1241204 1241250 1241265 1241266 1241280 1241332 1241333 1241341 1241343 1241344 1241347 1241357 1241361 1241369 1241371 1241373 1241378 1241394 1241402 1241412 1241413 1241416 1241424 1241426 1241433 1241436 1241441 1241442 1241443 1241451 1241452 1241456 1241458 1241459 1241526 1241528 1241537 1241541 1241545 1241547 1241548 1241550 1241573 1241574 1241575 1241578 1241590 1241593 1241598 1241599 1241601 1241626 1241640 1241648 1242006 1242044 1242172 1242283 1242307 1242313 1242314 1242315 1242321 1242326 1242327 1242328 1242332 1242333 1242335 1242336 1242342 1242343 1242344 1242345 1242346 1242347 1242348 1242414 1242526 1242528 1242534 1242535 1242536 1242537 1242538 1242539 1242540 1242546 1242556 1242596 1242710 1242778 1242831 1242985 CVE-2023-53034 CVE-2024-27018 CVE-2024-27415 CVE-2024-28956 CVE-2024-35840 CVE-2024-46763 CVE-2024-46865 CVE-2024-50083 CVE-2024-50162 CVE-2024-50163 CVE-2024-56641 CVE-2024-56702 CVE-2024-57924 CVE-2024-57998 CVE-2024-58001 CVE-2024-58068 CVE-2024-58070 CVE-2024-58088 CVE-2024-58093 CVE-2024-58094 CVE-2024-58095 CVE-2024-58096 CVE-2024-58097 CVE-2025-21683 CVE-2025-21696 CVE-2025-21707 CVE-2025-21758 CVE-2025-21768 CVE-2025-21792 CVE-2025-21808 CVE-2025-21812 CVE-2025-21833 CVE-2025-21852 CVE-2025-21853 CVE-2025-21854 CVE-2025-21867 CVE-2025-21904 CVE-2025-21925 CVE-2025-21926 CVE-2025-21931 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21980 CVE-2025-21985 CVE-2025-21999 CVE-2025-22004 CVE-2025-22015 CVE-2025-22016 CVE-2025-22017 CVE-2025-22018 CVE-2025-22020 CVE-2025-22025 CVE-2025-22027 CVE-2025-22029 CVE-2025-22033 CVE-2025-22036 CVE-2025-22044 CVE-2025-22045 CVE-2025-22050 CVE-2025-22053 CVE-2025-22055 CVE-2025-22058 CVE-2025-22060 CVE-2025-22062 CVE-2025-22064 CVE-2025-22065 CVE-2025-22075 CVE-2025-22080 CVE-2025-22086 CVE-2025-22088 CVE-2025-22090 CVE-2025-22093 CVE-2025-22097 CVE-2025-22102 CVE-2025-22104 CVE-2025-22105 CVE-2025-22106 CVE-2025-22107 CVE-2025-22108 CVE-2025-22109 CVE-2025-22115 CVE-2025-22116 CVE-2025-22121 CVE-2025-22128 CVE-2025-23129 CVE-2025-23131 CVE-2025-23133 CVE-2025-23136 CVE-2025-23138 CVE-2025-23145 CVE-2025-37785 CVE-2025-37798 CVE-2025-37799 CVE-2025-37860 CVE-2025-39728 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-23 Released: Thu May 22 17:14:36 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1215199,1223809,1224013,1224597,1224757,1228659,1230764,1231103,1232493,1233075,1233098,1235501,1235526,1236086,1236704,1237111,1238212,1238471,1238527,1238714,1238737,1238742,1238745,1238862,1238961,1238983,1239079,1239108,1239470,1239476,1239487,1239510,1239997,1240181,1240557,1240576,1240655,1240709,1240712,1240713,1240717,1240740,1240785,1240802,1240809,1240811,1240835,1240934,1240936,1240944,1241010,1241038,1241051,1241123,1241151,1241167,1241175,1241204,1241250,1241265,1241266,1241280,1241332,1241333,1241341,1241343,1241344,1241347,1241357,1241361,1241369,1241371,1241373,1241378,1241394,1241402,1241412,1241413,1241416,1241424,1241426,1241433,1241436,1241441,1241442,1241443,1241451,1241452,1241456,1241458,1241459,1241526,1241528,1241537,1241541,1241545,1241547,1241548,1241550,1241573,1241574,1241575,1241578,1241590,1241593,1241598,1241599,1241601,1241626,1241640,1241648,1242006,1242044,1242172,1242283,1242307,1242313,1242314,1242315,1242321,1242326,1242327,1242328,1 242332,1242333,1242335,1242336,1242342,1242343,1242344,1242345,1242346,1242347,1242348,1242414,1242526,1242528,1242534,1242535,1242536,1242537,1242538,1242539,1242540,1242546,1242556,1242596,1242710,1242778,1242831,1242985,CVE-2023-53034,CVE-2024-27018,CVE-2024-27415,CVE-2024-28956,CVE-2024-35840,CVE-2024-46763,CVE-2024-46865,CVE-2024-50083,CVE-2024-50162,CVE-2024-50163,CVE-2024-56641,CVE-2024-56702,CVE-2024-57924,CVE-2024-57998,CVE-2024-58001,CVE-2024-58068,CVE-2024-58070,CVE-2024-58088,CVE-2024-58093,CVE-2024-58094,CVE-2024-58095,CVE-2024-58096,CVE-2024-58097,CVE-2025-21683,CVE-2025-21696,CVE-2025-21707,CVE-2025-21758,CVE-2025-21768,CVE-2025-21792,CVE-2025-21808,CVE-2025-21812,CVE-2025-21833,CVE-2025-21852,CVE-2025-21853,CVE-2025-21854,CVE-2025-21867,CVE-2025-21904,CVE-2025-21925,CVE-2025-21926,CVE-2025-21931,CVE-2025-21962,CVE-2025-21963,CVE-2025-21964,CVE-2025-21980,CVE-2025-21985,CVE-2025-21999,CVE-2025-22004,CVE-2025-22015,CVE-2025-22016,CVE-2025-22017,CVE-2025-22018,CVE-2025- 22020,CVE-2025-22025,CVE-2025-22027,CVE-2025-22029,CVE-2025-22033,CVE-2025-22036,CVE-2025-22044,CVE-2025-22045,CVE-2025-22050,CVE-2025-22053,CVE-2025-22055,CVE-2025-22058,CVE-2025-22060,CVE-2025-22062,CVE-2025-22064,CVE-2025-22065,CVE-2025-22075,CVE-2025-22080,CVE-2025-22086,CVE-2025-22088,CVE-2025-22090,CVE-2025-22093,CVE-2025-22097,CVE-2025-22102,CVE-2025-22104,CVE-2025-22105,CVE-2025-22106,CVE-2025-22107,CVE-2025-22108,CVE-2025-22109,CVE-2025-22115,CVE-2025-22116,CVE-2025-22121,CVE-2025-22128,CVE-2025-23129,CVE-2025-23131,CVE-2025-23133,CVE-2025-23136,CVE-2025-23138,CVE-2025-23145,CVE-2025-37785,CVE-2025-37798,CVE-2025-37799,CVE-2025-37860,CVE-2025-39728 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - Correct the upsteram version numbers in the previous patches - Drop PCI patch that caused a regression (bsc#1241123) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: xpad - fix two controller table values (git-fixes). - Move upstreamed smb patch into sorted section Also move other out-of-tree patches into the proper section - Move upstreamed sound patch into sorted section - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - Revert 'drivers: core: synchronize really_probe() and dev_uevent()' (stable-fixes). - Revert 'drm/meson: vclk: fix calculation of 59.94 fractional rates' (git-fixes). - Revert 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc: Do not use --- in kernel logs (git-fixes). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/package-descriptions: Add rt and rt_debug descriptions - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - virtchnl: make proto and filter action count unsigned (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). The following package changes have been done: - pigz-2.8-1.8 added - perl-base-5.38.2-1.52 added - libdw1-0.189-4.143 added - file-5.44-4.151 added - libasm1-0.189-4.143 added - zstd-1.5.5-8.142 added - elfutils-0.189-4.143 added - cpio-2.15-1.3 added - perl-Bootloader-1.8.2-1.1 added - util-linux-systemd-2.39.3-3.1 added - dracut-059+suse.591.ge2ab3f62-1.1 added - kernel-rt-6.4.0-31.1 updated From sle-container-updates at lists.suse.com Fri May 23 07:12:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 23 May 2025 09:12:38 +0200 (CEST) Subject: SUSE-IU-2025:1395-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250523071238.DA795F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1395-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.37 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.37 Severity : important Type : security References : 1215199 1223809 1224013 1224597 1224757 1228659 1230764 1231103 1232493 1233075 1233098 1235501 1235526 1236086 1236704 1237111 1238212 1238471 1238527 1238714 1238737 1238742 1238745 1238862 1238961 1238983 1239079 1239108 1239470 1239476 1239487 1239510 1239997 1240181 1240557 1240576 1240655 1240709 1240712 1240713 1240717 1240740 1240785 1240802 1240809 1240811 1240835 1240934 1240936 1240944 1241010 1241038 1241051 1241123 1241151 1241167 1241175 1241204 1241250 1241265 1241266 1241280 1241332 1241333 1241341 1241343 1241344 1241347 1241357 1241361 1241369 1241371 1241373 1241378 1241394 1241402 1241412 1241413 1241416 1241424 1241426 1241433 1241436 1241441 1241442 1241443 1241451 1241452 1241456 1241458 1241459 1241526 1241528 1241537 1241541 1241545 1241547 1241548 1241550 1241573 1241574 1241575 1241578 1241590 1241593 1241598 1241599 1241601 1241626 1241640 1241648 1242006 1242044 1242172 1242283 1242307 1242313 1242314 1242315 1242321 1242326 1242327 1242328 1242332 1242333 1242335 1242336 1242342 1242343 1242344 1242345 1242346 1242347 1242348 1242414 1242526 1242528 1242534 1242535 1242536 1242537 1242538 1242539 1242540 1242546 1242556 1242596 1242710 1242778 1242831 1242985 CVE-2023-53034 CVE-2024-27018 CVE-2024-27415 CVE-2024-28956 CVE-2024-35840 CVE-2024-46763 CVE-2024-46865 CVE-2024-50083 CVE-2024-50162 CVE-2024-50163 CVE-2024-56641 CVE-2024-56702 CVE-2024-57924 CVE-2024-57998 CVE-2024-58001 CVE-2024-58068 CVE-2024-58070 CVE-2024-58088 CVE-2024-58093 CVE-2024-58094 CVE-2024-58095 CVE-2024-58096 CVE-2024-58097 CVE-2025-21683 CVE-2025-21696 CVE-2025-21707 CVE-2025-21758 CVE-2025-21768 CVE-2025-21792 CVE-2025-21808 CVE-2025-21812 CVE-2025-21833 CVE-2025-21852 CVE-2025-21853 CVE-2025-21854 CVE-2025-21867 CVE-2025-21904 CVE-2025-21925 CVE-2025-21926 CVE-2025-21931 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21980 CVE-2025-21985 CVE-2025-21999 CVE-2025-22004 CVE-2025-22015 CVE-2025-22016 CVE-2025-22017 CVE-2025-22018 CVE-2025-22020 CVE-2025-22025 CVE-2025-22027 CVE-2025-22029 CVE-2025-22033 CVE-2025-22036 CVE-2025-22044 CVE-2025-22045 CVE-2025-22050 CVE-2025-22053 CVE-2025-22055 CVE-2025-22058 CVE-2025-22060 CVE-2025-22062 CVE-2025-22064 CVE-2025-22065 CVE-2025-22075 CVE-2025-22080 CVE-2025-22086 CVE-2025-22088 CVE-2025-22090 CVE-2025-22093 CVE-2025-22097 CVE-2025-22102 CVE-2025-22104 CVE-2025-22105 CVE-2025-22106 CVE-2025-22107 CVE-2025-22108 CVE-2025-22109 CVE-2025-22115 CVE-2025-22116 CVE-2025-22121 CVE-2025-22128 CVE-2025-23129 CVE-2025-23131 CVE-2025-23133 CVE-2025-23136 CVE-2025-23138 CVE-2025-23145 CVE-2025-37785 CVE-2025-37798 CVE-2025-37799 CVE-2025-37860 CVE-2025-39728 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-22 Released: Thu May 22 17:18:46 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1215199,1223809,1224013,1224597,1224757,1228659,1230764,1231103,1232493,1233075,1233098,1235501,1235526,1236086,1236704,1237111,1238212,1238471,1238527,1238714,1238737,1238742,1238745,1238862,1238961,1238983,1239079,1239108,1239470,1239476,1239487,1239510,1239997,1240181,1240557,1240576,1240655,1240709,1240712,1240713,1240717,1240740,1240785,1240802,1240809,1240811,1240835,1240934,1240936,1240944,1241010,1241038,1241051,1241123,1241151,1241167,1241175,1241204,1241250,1241265,1241266,1241280,1241332,1241333,1241341,1241343,1241344,1241347,1241357,1241361,1241369,1241371,1241373,1241378,1241394,1241402,1241412,1241413,1241416,1241424,1241426,1241433,1241436,1241441,1241442,1241443,1241451,1241452,1241456,1241458,1241459,1241526,1241528,1241537,1241541,1241545,1241547,1241548,1241550,1241573,1241574,1241575,1241578,1241590,1241593,1241598,1241599,1241601,1241626,1241640,1241648,1242006,1242044,1242172,1242283,1242307,1242313,1242314,1242315,1242321,1242326,1242327,1242328,1 242332,1242333,1242335,1242336,1242342,1242343,1242344,1242345,1242346,1242347,1242348,1242414,1242526,1242528,1242534,1242535,1242536,1242537,1242538,1242539,1242540,1242546,1242556,1242596,1242710,1242778,1242831,1242985,CVE-2023-53034,CVE-2024-27018,CVE-2024-27415,CVE-2024-28956,CVE-2024-35840,CVE-2024-46763,CVE-2024-46865,CVE-2024-50083,CVE-2024-50162,CVE-2024-50163,CVE-2024-56641,CVE-2024-56702,CVE-2024-57924,CVE-2024-57998,CVE-2024-58001,CVE-2024-58068,CVE-2024-58070,CVE-2024-58088,CVE-2024-58093,CVE-2024-58094,CVE-2024-58095,CVE-2024-58096,CVE-2024-58097,CVE-2025-21683,CVE-2025-21696,CVE-2025-21707,CVE-2025-21758,CVE-2025-21768,CVE-2025-21792,CVE-2025-21808,CVE-2025-21812,CVE-2025-21833,CVE-2025-21852,CVE-2025-21853,CVE-2025-21854,CVE-2025-21867,CVE-2025-21904,CVE-2025-21925,CVE-2025-21926,CVE-2025-21931,CVE-2025-21962,CVE-2025-21963,CVE-2025-21964,CVE-2025-21980,CVE-2025-21985,CVE-2025-21999,CVE-2025-22004,CVE-2025-22015,CVE-2025-22016,CVE-2025-22017,CVE-2025-22018,CVE-2025- 22020,CVE-2025-22025,CVE-2025-22027,CVE-2025-22029,CVE-2025-22033,CVE-2025-22036,CVE-2025-22044,CVE-2025-22045,CVE-2025-22050,CVE-2025-22053,CVE-2025-22055,CVE-2025-22058,CVE-2025-22060,CVE-2025-22062,CVE-2025-22064,CVE-2025-22065,CVE-2025-22075,CVE-2025-22080,CVE-2025-22086,CVE-2025-22088,CVE-2025-22090,CVE-2025-22093,CVE-2025-22097,CVE-2025-22102,CVE-2025-22104,CVE-2025-22105,CVE-2025-22106,CVE-2025-22107,CVE-2025-22108,CVE-2025-22109,CVE-2025-22115,CVE-2025-22116,CVE-2025-22121,CVE-2025-22128,CVE-2025-23129,CVE-2025-23131,CVE-2025-23133,CVE-2025-23136,CVE-2025-23138,CVE-2025-23145,CVE-2025-37785,CVE-2025-37798,CVE-2025-37799,CVE-2025-37860,CVE-2025-39728 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - Drop PCI patch that caused a regression (bsc#1241123) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: xpad - fix two controller table values (git-fixes). - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - Revert 'drivers: core: synchronize really_probe() and dev_uevent()' (stable-fixes). - Revert 'drm/meson: vclk: fix calculation of 59.94 fractional rates' (git-fixes). - Revert 'tcp: Fix bind() regression for v6-only wildcard and' - Revert 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc: Do not use --- in kernel logs (git-fixes). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/package-descriptions: Add rt and rt_debug descriptions - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - virtchnl: make proto and filter action count unsigned (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). The following package changes have been done: - kernel-default-6.4.0-29.1 updated From sle-container-updates at lists.suse.com Fri May 23 07:13:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 23 May 2025 09:13:21 +0200 (CEST) Subject: SUSE-IU-2025:1397-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250523071321.1BED4F783@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1397-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.42 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.42 Severity : critical Type : security References : 1215199 1217885 1223809 1224013 1224597 1224757 1228086 1228659 1230764 1231103 1231476 1231792 1232063 1232493 1233075 1233098 1235501 1235526 1236086 1236704 1236982 1237111 1237695 1238212 1238471 1238527 1238714 1238737 1238742 1238745 1238862 1238961 1238983 1239079 1239108 1239470 1239476 1239487 1239510 1239632 1239997 1240181 1240557 1240576 1240655 1240709 1240712 1240713 1240717 1240740 1240785 1240802 1240809 1240811 1240835 1240919 1240934 1240936 1240944 1241010 1241038 1241051 1241123 1241151 1241167 1241175 1241204 1241250 1241265 1241266 1241280 1241332 1241333 1241341 1241343 1241344 1241347 1241357 1241361 1241369 1241371 1241373 1241378 1241394 1241402 1241412 1241413 1241416 1241424 1241426 1241433 1241436 1241441 1241442 1241443 1241451 1241452 1241456 1241458 1241459 1241526 1241528 1241537 1241541 1241545 1241547 1241548 1241550 1241573 1241574 1241575 1241578 1241590 1241593 1241598 1241599 1241601 1241626 1241640 1241648 1242006 1242044 1242172 1242283 1242307 1242313 1242314 1242315 1242321 1242326 1242327 1242328 1242332 1242333 1242335 1242336 1242342 1242343 1242344 1242345 1242346 1242347 1242348 1242414 1242526 1242528 1242534 1242535 1242536 1242537 1242538 1242539 1242540 1242546 1242556 1242596 1242710 1242778 1242831 1242985 CVE-2023-53034 CVE-2024-27018 CVE-2024-27415 CVE-2024-28956 CVE-2024-35840 CVE-2024-46763 CVE-2024-46865 CVE-2024-50083 CVE-2024-50162 CVE-2024-50163 CVE-2024-56641 CVE-2024-56702 CVE-2024-57924 CVE-2024-57998 CVE-2024-58001 CVE-2024-58068 CVE-2024-58070 CVE-2024-58088 CVE-2024-58093 CVE-2024-58094 CVE-2024-58095 CVE-2024-58096 CVE-2024-58097 CVE-2024-9781 CVE-2025-21683 CVE-2025-21696 CVE-2025-21707 CVE-2025-21758 CVE-2025-21768 CVE-2025-21792 CVE-2025-21808 CVE-2025-21812 CVE-2025-21833 CVE-2025-21852 CVE-2025-21853 CVE-2025-21854 CVE-2025-21867 CVE-2025-21904 CVE-2025-21925 CVE-2025-21926 CVE-2025-21931 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21980 CVE-2025-21985 CVE-2025-21999 CVE-2025-22004 CVE-2025-22015 CVE-2025-22016 CVE-2025-22017 CVE-2025-22018 CVE-2025-22020 CVE-2025-22025 CVE-2025-22027 CVE-2025-22029 CVE-2025-22033 CVE-2025-22036 CVE-2025-22044 CVE-2025-22045 CVE-2025-22050 CVE-2025-22053 CVE-2025-22055 CVE-2025-22058 CVE-2025-22060 CVE-2025-22062 CVE-2025-22064 CVE-2025-22065 CVE-2025-22075 CVE-2025-22080 CVE-2025-22086 CVE-2025-22088 CVE-2025-22090 CVE-2025-22093 CVE-2025-22097 CVE-2025-22102 CVE-2025-22104 CVE-2025-22105 CVE-2025-22106 CVE-2025-22107 CVE-2025-22108 CVE-2025-22109 CVE-2025-22115 CVE-2025-22116 CVE-2025-22121 CVE-2025-22128 CVE-2025-23129 CVE-2025-23131 CVE-2025-23133 CVE-2025-23136 CVE-2025-23138 CVE-2025-23145 CVE-2025-37785 CVE-2025-37798 CVE-2025-37799 CVE-2025-37860 CVE-2025-39728 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 98 Released: Mon May 12 11:09:06 2025 Summary: Recommended update for dracut Type: recommended Severity: critical References: 1217885,1228086,1231476,1231792,1232063,1236982,1237695,1239632,1240919,CVE-2024-9781 This update for dracut fixes the following issues: Update to version 059+suse.631.ga638ed12: * fix(dmsquash-live): do not check ISO md5 if image filesystem (bsc#1240919) * fix(nfs): set correct ownership of rpc.statd state directories (bsc#1217885) * perf(nfs): remove references to old rpcbind state dir * fix(nfs): libnfsidmap plugins not added in some distributions * fix(dracut.spec): move znet to the main package (bsc#1239632) Update to version 059+suse.623.gf9a73df5: * fix(iscsi): make sure services are shut down when switching root (bsc#1237695) * fix(iscsi): don't require network setup for qedi * fix(network-legacy): do not require pgrep when using wicked (bsc#1236982) Update to version 059+suse.617.gb2c1d974: Fixes for booting from iSCSI offload with bnx2i (bsc#1228086): * fix(iscsi): attempt iSCSI login before all interfaces are up * fix(iscsi): don't require network setup for bnx2i Other: * fix(dracut): rework timeout for devices added via --mount and --add-device (bsc#1231792) Update to version 059+suse.610.g850d981a: * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063) ----------------------------------------------------------------- Advisory ID: kernel-23 Released: Thu May 22 17:14:36 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1215199,1223809,1224013,1224597,1224757,1228659,1230764,1231103,1232493,1233075,1233098,1235501,1235526,1236086,1236704,1237111,1238212,1238471,1238527,1238714,1238737,1238742,1238745,1238862,1238961,1238983,1239079,1239108,1239470,1239476,1239487,1239510,1239997,1240181,1240557,1240576,1240655,1240709,1240712,1240713,1240717,1240740,1240785,1240802,1240809,1240811,1240835,1240934,1240936,1240944,1241010,1241038,1241051,1241123,1241151,1241167,1241175,1241204,1241250,1241265,1241266,1241280,1241332,1241333,1241341,1241343,1241344,1241347,1241357,1241361,1241369,1241371,1241373,1241378,1241394,1241402,1241412,1241413,1241416,1241424,1241426,1241433,1241436,1241441,1241442,1241443,1241451,1241452,1241456,1241458,1241459,1241526,1241528,1241537,1241541,1241545,1241547,1241548,1241550,1241573,1241574,1241575,1241578,1241590,1241593,1241598,1241599,1241601,1241626,1241640,1241648,1242006,1242044,1242172,1242283,1242307,1242313,1242314,1242315,1242321,1242326,1242327,1242328,1 242332,1242333,1242335,1242336,1242342,1242343,1242344,1242345,1242346,1242347,1242348,1242414,1242526,1242528,1242534,1242535,1242536,1242537,1242538,1242539,1242540,1242546,1242556,1242596,1242710,1242778,1242831,1242985,CVE-2023-53034,CVE-2024-27018,CVE-2024-27415,CVE-2024-28956,CVE-2024-35840,CVE-2024-46763,CVE-2024-46865,CVE-2024-50083,CVE-2024-50162,CVE-2024-50163,CVE-2024-56641,CVE-2024-56702,CVE-2024-57924,CVE-2024-57998,CVE-2024-58001,CVE-2024-58068,CVE-2024-58070,CVE-2024-58088,CVE-2024-58093,CVE-2024-58094,CVE-2024-58095,CVE-2024-58096,CVE-2024-58097,CVE-2025-21683,CVE-2025-21696,CVE-2025-21707,CVE-2025-21758,CVE-2025-21768,CVE-2025-21792,CVE-2025-21808,CVE-2025-21812,CVE-2025-21833,CVE-2025-21852,CVE-2025-21853,CVE-2025-21854,CVE-2025-21867,CVE-2025-21904,CVE-2025-21925,CVE-2025-21926,CVE-2025-21931,CVE-2025-21962,CVE-2025-21963,CVE-2025-21964,CVE-2025-21980,CVE-2025-21985,CVE-2025-21999,CVE-2025-22004,CVE-2025-22015,CVE-2025-22016,CVE-2025-22017,CVE-2025-22018,CVE-2025- 22020,CVE-2025-22025,CVE-2025-22027,CVE-2025-22029,CVE-2025-22033,CVE-2025-22036,CVE-2025-22044,CVE-2025-22045,CVE-2025-22050,CVE-2025-22053,CVE-2025-22055,CVE-2025-22058,CVE-2025-22060,CVE-2025-22062,CVE-2025-22064,CVE-2025-22065,CVE-2025-22075,CVE-2025-22080,CVE-2025-22086,CVE-2025-22088,CVE-2025-22090,CVE-2025-22093,CVE-2025-22097,CVE-2025-22102,CVE-2025-22104,CVE-2025-22105,CVE-2025-22106,CVE-2025-22107,CVE-2025-22108,CVE-2025-22109,CVE-2025-22115,CVE-2025-22116,CVE-2025-22121,CVE-2025-22128,CVE-2025-23129,CVE-2025-23131,CVE-2025-23133,CVE-2025-23136,CVE-2025-23138,CVE-2025-23145,CVE-2025-37785,CVE-2025-37798,CVE-2025-37799,CVE-2025-37860,CVE-2025-39728 The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - Correct the upsteram version numbers in the previous patches - Drop PCI patch that caused a regression (bsc#1241123) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: xpad - fix two controller table values (git-fixes). - Move upstreamed smb patch into sorted section Also move other out-of-tree patches into the proper section - Move upstreamed sound patch into sorted section - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - Revert 'drivers: core: synchronize really_probe() and dev_uevent()' (stable-fixes). - Revert 'drm/meson: vclk: fix calculation of 59.94 fractional rates' (git-fixes). - Revert 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc: Do not use --- in kernel logs (git-fixes). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/package-descriptions: Add rt and rt_debug descriptions - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - virtchnl: make proto and filter action count unsigned (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). The following package changes have been done: - file-magic-5.44-slfo.1.1_1.4 added - pigz-2.8-slfo.1.1_1.2 added - libmagic1-5.44-slfo.1.1_1.4 added - libdw1-0.189-slfo.1.1_1.5 added - file-5.44-slfo.1.1_1.4 added - libasm1-0.189-slfo.1.1_1.5 added - zstd-1.5.5-slfo.1.1_1.4 added - elfutils-0.189-slfo.1.1_1.5 added - cpio-2.15-slfo.1.1_2.4 added - perl-Bootloader-1.13.0-slfo.1.1_1.2 added - util-linux-systemd-2.40.4-slfo.1.1_1.1 added - dracut-059+suse.631.ga638ed12-slfo.1.1_1.1 added - kernel-rt-6.4.0-31.1 updated - container:SL-Micro-container-2.2.0-5.4 updated From sle-container-updates at lists.suse.com Sat May 24 07:04:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 09:04:12 +0200 (CEST) Subject: SUSE-CU-2025:3658-1: Security update of containers/pytorch Message-ID: <20250524070412.D10C3FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3658-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.7.0-nvidia , containers/pytorch:2.7.0-nvidia-2.8 Container Release : 2.8 Severity : important Type : security References : 1196647 1196647 1198176 1198752 1199467 1200800 1201680 1216862 CVE-2021-46828 ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) The following package changes have been done: - libtirpc-netconfig-1.3.4-150300.3.23.1 added - libtirpc3-1.3.4-150300.3.23.1 added - libnsl2-1.2.0-2.44 added - python311-3.11.11-150600.3.21.1 added - python311-typing_extensions-4.13.0-150600.1.1 updated - python311-setuptools-72.1.0-150600.1.11 added - python311-numpy-2.1.1-150600.1.40 updated - python311-gmpy2-2.1.5-150600.1.2 added - python311-mpmath-1.3.0-150600.1.13 added - python311-sympy-1.13.3-150600.1.1 added - python311-torch-cuda-2.7.0-150600.2.2 updated From sle-container-updates at lists.suse.com Sat May 24 07:07:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 09:07:28 +0200 (CEST) Subject: SUSE-IU-2025:1408-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250524070728.7E763FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1408-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.300 , suse/sle-micro/5.5:latest Image Release : 5.5.300 Severity : moderate Type : recommended References : 1239297 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1685-1 Released: Fri May 23 08:04:34 2025 Summary: Recommended update for sysstat Type: recommended Severity: moderate References: 1239297 This update for sysstat fixes the following issues: - Removed cron dependency in favour of systemd timers (bsc#1239297) - Removed sysstat.cron.suse The following package changes have been done: - sysstat-12.0.2-150000.3.40.1 updated - cron-4.2-150400.84.3.1 removed - cronie-1.5.7-150400.84.3.1 removed - mailx-12.5-150000.3.5.1 removed From sle-container-updates at lists.suse.com Sat May 24 07:15:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 09:15:36 +0200 (CEST) Subject: SUSE-IU-2025:1409-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250524071536.8824AF78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1409-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.35 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.35 Severity : critical Type : security References : 1234128 1239883 1240897 1241020 1241078 1241453 1241551 1242901 1243317 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3360 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 314 Released: Mon May 12 11:55:56 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897). ----------------------------------------------------------------- Advisory ID: 324 Released: Fri May 16 11:41:30 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1242901 This update for elemental-operator fixes the following issues: - Fix questions.yaml default tag - operator: update RBAC for upgrade plans (bsc#1242901) ----------------------------------------------------------------- Advisory ID: 325 Released: Fri May 16 14:45:12 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - Update to release 3.49.1: * Improve portability of makefiles and configure scripts. * CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws() function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very large (hundreds of megabytes). * CVE-2025-29088, bsc#1241078: Enhanced the SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust against misuse. - Update to release 3.49.0: * Enhancements to the query planner: - Improve the query-time index optimization so that it works on WITHOUT ROWID tables. - Better query plans for large star-query joins. This fixes three different performance regressions that were reported on the SQLite Forum. - When two or more queries have the same estimated cost, use the one with the fewer bytes per row. * Enhance the iif() SQL function so that it can accept any number of arguments greater than or equal to two. * Enhance the session extension so that it works on databases that make use of generated columns. * Omit the SQLITE_USE_STDIO_FOR_CONSOLE compile-time option which was not implemented correctly and never worked right. In its place add the SQLITE_USE_W32_FOR_CONSOLE_IO compile-time option. This option applies to command-line tools like the CLI only, not to the SQLite core. It causes Win32 APIs to be used for console I/O instead of stdio. This option affects Windows builds only. * Three new options to sqlite3_db_config(). All default 'on'. SQLITE_DBCONFIG_ENABLE_ATTACH_CREATE SQLITE_DBCONFIG_ENABLE_ATTACH_WRITE SQLITE_DBCONFIG_ENABLE_COMMENTS - Re-enable SONAME which got disabled by default in 3.48.0. * https://www.sqlite.org/src/forumpost/5a3b44f510df8ded * https://sqlite.org/forum/forumpost/ab8f15697a - Update to release 3.48.0: * Improved EXPLAIN QUERY PLAN output for covering indexes. * Allow a two-argument version of the iif() SQL function. * Also allow if() as an alternative spelling for iif(). * Add the '.dbtotxt' command to the CLI. * Add the SQLITE_IOCAP_SUBPAGE_READ property to the xDeviceCharacteristics method of the sqlite3_io_methods object. * Add the SQLITE_PREPARE_DONT_LOG option to sqlite3_prepare_v3() that prevents warning messages being sent to the error log if the SQL is ill-formed. This allows sqlite3_prepare_v3() to be used to do test compiles of SQL to check for validity without polluting the error log with false messages. * Increase the minimum allowed value of SQLITE_LIMIT_LENGTH from 1 to 30. * Added the SQLITE_FCNTL_NULL_IO file control. * Extend the FTS5 auxiliary API xInstToken() to work with prefix queries via the insttoken configuration option and the fts5_insttoken() SQL function. * Increase the maximum number of arguments to an SQL function from 127 to 1000. - Update to release 3.47.2: * Fix a problem in text-to-floating-point conversion that affects text values where the first 16 significant digits are '1844674407370955'. This issue was introduced in 3.47.0 and only arises on x64 and i386 hardware. * Other minor bug fixes. - Enable the session extension, because NodeJS 22 needs it. - Update to release 3.47.1: * Fix the makefiles so that they once again honored DESTDIR for the 'install' target. * Add the SQLITE_IOCAP_SUBPAGE_READ capability to the VFS, to work around issues on some non-standard VFSes caused by making SQLITE_DIRECT_OVERFLOW_READ the default in version 3.45.0. * Fix incorrect answers to certain obscure IN queries caused by new query optimizations added in the 3.47.0 release. * Other minor bug fixes. - Update to release 3.47.0: * Allow arbitrary expressions in the second argument to the RAISE function. * If the RHS of the ->> operator is negative, then access array elements counting from the right. * Fix a problem with rolling back hot journal files in the seldom-used unix-dotfile VFS. * FTS5 tables can now be dropped even if they use a non-standard tokenizer that has not been registered. * Fix the group_concat() aggregate function so that it returns an empty string, not a NULL, if it receives a single input value which is an empty string. * Enhance the generate_series() table-valued function so that it is able to recognize and use constraints on its output value. Preupdate hooks now recognize when a column added by ALTER TABLE ADD COLUMN has a non-null default value. * Improved reuse of subqueries associated with the IN operator, especially when the IN operator has been duplicated due to predicate push-down. * Use a Bloom filter on subqueries on the right-hand side of the IN operator, in cases where that seems likely to improve performance. * Ensure that queries like 'SELECT func(a) FROM tab GROUP BY 1' only invoke the func() function once per row. * No attempt is made to create automatic indexes on a column that is known to be non-selective because of its use in other indexes that have been analyzed. * Adjustments to the query planner so that it produces better plans for star queries with a large number of dimension tables. * Add the 'order-by-subquery' optimization, that seeks to disable sort operations in outer queries if the desired order is obtained naturally due to ORDER BY clauses in subqueries. * The 'indexed-subtype-expr' optimization strives to use expressions that are part of an index rather than recomputing the expression based on table values, as long as the query planner can prove that the subtype of the expression will never be used. * Miscellaneous coding tweaks for faster runtimes. * Add the experimental sqlite3_rsync program. * Add extension functions median(), percentile(), percentile_cont(), and percentile_disc() to the CLI. * Add the .www dot-command to the CLI. * The sqlite3_analyzer utility now provides a break-out of statistics for WITHOUT ROWID tables. * The sqldiff utility avoids creating an empty database if its second argument does not exist. * Enhance the sqlite_dbpage table-valued function such that INSERT can be used to increase or decrease the size of the database file. * SQLite no longer makes any use of the 'long double' data type, as hardware support for long double is becoming less common and long double creates challenges for some compiler tool chains. Instead, SQLite uses Dekker's algorithm when extended precision is needed. * The TCL Interface for SQLite supports TCL9. Everything probably still works for TCL 8.5 and later, though this is not guaranteed. Users are encouraged to upgrade to TCL9. * Fix a corruption-causing bug in the JavaScript 'opfs' VFS. Correct 'mode=ro' handling for the 'opfs' VFS. Work around a couple of browser-specific OPFS quirks. * Add the fts5_tokenizer_v2 API and the locale=1 option, for creating custom locale-aware tokenizers and fts5 tables that may take advantage of them. * Add the contentless_unindexed=1 option, for creating contentless fts5 tables that store the values of any UNINDEXED columns persistently in the database. * Allow an FTS5 table to be dropped even if it uses a custom tokenizer whose implementation is not available. - Update to release 3.46.1: * Improved robustness while parsing the tokenize= arguments in FTS5. * Enhancements to covering index prediction in the query planner. * Do not let the number of terms on a VALUES clause be limited by SQLITE_LIMIT_COMPOUND_SELECT, even if the VALUES clause contains elements that appear to be variables due to double-quoted string literals. * Fix the window function version of group_concat() so that it returns an empty string if it has one or more empty string inputs. * In FTS5 secure-delete mode, fix false-positive integrity-check reports about corrupt indexes. * Syntax errors in ALTER TABLE should always return SQLITE_ERROR. In some cases, they were formerly returning SQLITE_INTERNAL. * Other minor fixes. - Update to release 3.46.0: * https://sqlite.org/releaselog/3_46_0.html * Enhance PRAGMA optimize in multiple ways. * Enhancements to the date and time functions. * Add support for underscore ('_') characters between digits in numeric literals. * Add the json_pretty() SQL function. * Query planner improvements. * Allocate additional memory from the heap for the SQL parser stack if that stack overflows, rather than reporting a 'parser stack overflow' error. * Allow ASCII control characters within JSON5 string literals. * Fix the -> and ->> JSON operators so that when the right-hand side operand is a string that looks like an integer it is still treated as a string, because that is what PostgreSQL does. - Update to release 3.45.3: * Fix a long-standing bug (going back to version 3.24.0) that might (rarely) cause the 'old.*' values of an UPDATE trigger to be incorrect if that trigger fires in response to an UPSERT. * Reduce the scope of the NOT NULL strength reduction optimization that was added as item 8e in version 3.35.0. The optimization was being attempted in some contexts where it did not work, resulting in incorrect query results. - Add SQLITE_STRICT_SUBTYPE=1 as recommended by upstream. - Update to release 3.45.2: * Added the SQLITE_RESULT_SUBTYPE property for application- defined SQL functions. * Enhancements to the JSON SQL functions * Add the FTS5 tokendata option to the FTS5 virtual table. * The SQLITE_DIRECT_OVERFLOW_READ optimization is now enabled by default. * Query planner improvements * Increase the default value for SQLITE_MAX_PAGE_COUNT from 1073741824 to 4294967294. * Enhancements to the CLI * Restore the JSON BLOB input bug, and promise to support the anomaly in subsequent releases, for backward compatibility. * Fix the PRAGMA integrity_check command so that it works on read-only databases that contain FTS3 and FTS5 tables. * Fix issues associated with processing corrupt JSONB inputs. * Fix a long-standing bug in which a read of a few bytes past the end of a memory-mapped segment might occur when accessing a craftily corrupted database using memory-mapped database. * Fix a long-standing bug in which a NULL pointer dereference might occur in the bytecode engine due to incorrect bytecode being generated for a class of SQL statements that are deliberately designed to stress the query planner but which are otherwise pointless. * Fix an error in UPSERT, introduced in version 3.35.0. * Reduce the scope of the NOT NULL strength reduction optimization that was added in version 3.35.0. ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) ----------------------------------------------------------------- Advisory ID: 329 Released: Wed May 21 13:23:02 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read (bsc#1241453) The following package changes have been done: - glibc-2.38-9.1 updated - libxml2-2-2.11.6-8.1 updated - perl-base-5.38.2-2.1 updated - SL-Micro-release-6.0-25.28 updated - libglib-2_0-0-2.76.2-7.1 updated - libsqlite3-0-3.49.1-1.1 updated - libgobject-2_0-0-2.76.2-7.1 updated - libgmodule-2_0-0-2.76.2-7.1 updated - libgio-2_0-0-2.76.2-7.1 updated - glib2-tools-2.76.2-7.1 updated - libnm0-1.42.6-6.1 updated - NetworkManager-1.42.6-6.1 updated - elemental-register-1.6.9-1.1 updated - elemental-support-1.6.9-1.1 updated - glibc-locale-base-2.38-9.1 updated - container:SL-Micro-base-container-2.1.3-7.4 updated From sle-container-updates at lists.suse.com Sat May 24 07:16:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 09:16:46 +0200 (CEST) Subject: SUSE-IU-2025:1412-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250524071646.44D87F78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1412-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.31 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.31 Severity : critical Type : security References : 1224868 1234128 1239883 1240897 1241020 1241078 1241083 1241453 1241551 1242901 1243317 CVE-2024-56406 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3360 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 313 Released: Mon May 12 11:36:50 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). ----------------------------------------------------------------- Advisory ID: 314 Released: Mon May 12 11:55:56 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897). ----------------------------------------------------------------- Advisory ID: 324 Released: Fri May 16 11:41:30 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1242901 This update for elemental-operator fixes the following issues: - Fix questions.yaml default tag - operator: update RBAC for upgrade plans (bsc#1242901) ----------------------------------------------------------------- Advisory ID: 325 Released: Fri May 16 14:45:12 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - Update to release 3.49.1: * Improve portability of makefiles and configure scripts. * CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws() function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very large (hundreds of megabytes). * CVE-2025-29088, bsc#1241078: Enhanced the SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust against misuse. - Update to release 3.49.0: * Enhancements to the query planner: - Improve the query-time index optimization so that it works on WITHOUT ROWID tables. - Better query plans for large star-query joins. This fixes three different performance regressions that were reported on the SQLite Forum. - When two or more queries have the same estimated cost, use the one with the fewer bytes per row. * Enhance the iif() SQL function so that it can accept any number of arguments greater than or equal to two. * Enhance the session extension so that it works on databases that make use of generated columns. * Omit the SQLITE_USE_STDIO_FOR_CONSOLE compile-time option which was not implemented correctly and never worked right. In its place add the SQLITE_USE_W32_FOR_CONSOLE_IO compile-time option. This option applies to command-line tools like the CLI only, not to the SQLite core. It causes Win32 APIs to be used for console I/O instead of stdio. This option affects Windows builds only. * Three new options to sqlite3_db_config(). All default 'on'. SQLITE_DBCONFIG_ENABLE_ATTACH_CREATE SQLITE_DBCONFIG_ENABLE_ATTACH_WRITE SQLITE_DBCONFIG_ENABLE_COMMENTS - Re-enable SONAME which got disabled by default in 3.48.0. * https://www.sqlite.org/src/forumpost/5a3b44f510df8ded * https://sqlite.org/forum/forumpost/ab8f15697a - Update to release 3.48.0: * Improved EXPLAIN QUERY PLAN output for covering indexes. * Allow a two-argument version of the iif() SQL function. * Also allow if() as an alternative spelling for iif(). * Add the '.dbtotxt' command to the CLI. * Add the SQLITE_IOCAP_SUBPAGE_READ property to the xDeviceCharacteristics method of the sqlite3_io_methods object. * Add the SQLITE_PREPARE_DONT_LOG option to sqlite3_prepare_v3() that prevents warning messages being sent to the error log if the SQL is ill-formed. This allows sqlite3_prepare_v3() to be used to do test compiles of SQL to check for validity without polluting the error log with false messages. * Increase the minimum allowed value of SQLITE_LIMIT_LENGTH from 1 to 30. * Added the SQLITE_FCNTL_NULL_IO file control. * Extend the FTS5 auxiliary API xInstToken() to work with prefix queries via the insttoken configuration option and the fts5_insttoken() SQL function. * Increase the maximum number of arguments to an SQL function from 127 to 1000. - Update to release 3.47.2: * Fix a problem in text-to-floating-point conversion that affects text values where the first 16 significant digits are '1844674407370955'. This issue was introduced in 3.47.0 and only arises on x64 and i386 hardware. * Other minor bug fixes. - Enable the session extension, because NodeJS 22 needs it. - Update to release 3.47.1: * Fix the makefiles so that they once again honored DESTDIR for the 'install' target. * Add the SQLITE_IOCAP_SUBPAGE_READ capability to the VFS, to work around issues on some non-standard VFSes caused by making SQLITE_DIRECT_OVERFLOW_READ the default in version 3.45.0. * Fix incorrect answers to certain obscure IN queries caused by new query optimizations added in the 3.47.0 release. * Other minor bug fixes. - Update to release 3.47.0: * Allow arbitrary expressions in the second argument to the RAISE function. * If the RHS of the ->> operator is negative, then access array elements counting from the right. * Fix a problem with rolling back hot journal files in the seldom-used unix-dotfile VFS. * FTS5 tables can now be dropped even if they use a non-standard tokenizer that has not been registered. * Fix the group_concat() aggregate function so that it returns an empty string, not a NULL, if it receives a single input value which is an empty string. * Enhance the generate_series() table-valued function so that it is able to recognize and use constraints on its output value. Preupdate hooks now recognize when a column added by ALTER TABLE ADD COLUMN has a non-null default value. * Improved reuse of subqueries associated with the IN operator, especially when the IN operator has been duplicated due to predicate push-down. * Use a Bloom filter on subqueries on the right-hand side of the IN operator, in cases where that seems likely to improve performance. * Ensure that queries like 'SELECT func(a) FROM tab GROUP BY 1' only invoke the func() function once per row. * No attempt is made to create automatic indexes on a column that is known to be non-selective because of its use in other indexes that have been analyzed. * Adjustments to the query planner so that it produces better plans for star queries with a large number of dimension tables. * Add the 'order-by-subquery' optimization, that seeks to disable sort operations in outer queries if the desired order is obtained naturally due to ORDER BY clauses in subqueries. * The 'indexed-subtype-expr' optimization strives to use expressions that are part of an index rather than recomputing the expression based on table values, as long as the query planner can prove that the subtype of the expression will never be used. * Miscellaneous coding tweaks for faster runtimes. * Add the experimental sqlite3_rsync program. * Add extension functions median(), percentile(), percentile_cont(), and percentile_disc() to the CLI. * Add the .www dot-command to the CLI. * The sqlite3_analyzer utility now provides a break-out of statistics for WITHOUT ROWID tables. * The sqldiff utility avoids creating an empty database if its second argument does not exist. * Enhance the sqlite_dbpage table-valued function such that INSERT can be used to increase or decrease the size of the database file. * SQLite no longer makes any use of the 'long double' data type, as hardware support for long double is becoming less common and long double creates challenges for some compiler tool chains. Instead, SQLite uses Dekker's algorithm when extended precision is needed. * The TCL Interface for SQLite supports TCL9. Everything probably still works for TCL 8.5 and later, though this is not guaranteed. Users are encouraged to upgrade to TCL9. * Fix a corruption-causing bug in the JavaScript 'opfs' VFS. Correct 'mode=ro' handling for the 'opfs' VFS. Work around a couple of browser-specific OPFS quirks. * Add the fts5_tokenizer_v2 API and the locale=1 option, for creating custom locale-aware tokenizers and fts5 tables that may take advantage of them. * Add the contentless_unindexed=1 option, for creating contentless fts5 tables that store the values of any UNINDEXED columns persistently in the database. * Allow an FTS5 table to be dropped even if it uses a custom tokenizer whose implementation is not available. - Update to release 3.46.1: * Improved robustness while parsing the tokenize= arguments in FTS5. * Enhancements to covering index prediction in the query planner. * Do not let the number of terms on a VALUES clause be limited by SQLITE_LIMIT_COMPOUND_SELECT, even if the VALUES clause contains elements that appear to be variables due to double-quoted string literals. * Fix the window function version of group_concat() so that it returns an empty string if it has one or more empty string inputs. * In FTS5 secure-delete mode, fix false-positive integrity-check reports about corrupt indexes. * Syntax errors in ALTER TABLE should always return SQLITE_ERROR. In some cases, they were formerly returning SQLITE_INTERNAL. * Other minor fixes. - Update to release 3.46.0: * https://sqlite.org/releaselog/3_46_0.html * Enhance PRAGMA optimize in multiple ways. * Enhancements to the date and time functions. * Add support for underscore ('_') characters between digits in numeric literals. * Add the json_pretty() SQL function. * Query planner improvements. * Allocate additional memory from the heap for the SQL parser stack if that stack overflows, rather than reporting a 'parser stack overflow' error. * Allow ASCII control characters within JSON5 string literals. * Fix the -> and ->> JSON operators so that when the right-hand side operand is a string that looks like an integer it is still treated as a string, because that is what PostgreSQL does. - Update to release 3.45.3: * Fix a long-standing bug (going back to version 3.24.0) that might (rarely) cause the 'old.*' values of an UPDATE trigger to be incorrect if that trigger fires in response to an UPSERT. * Reduce the scope of the NOT NULL strength reduction optimization that was added as item 8e in version 3.35.0. The optimization was being attempted in some contexts where it did not work, resulting in incorrect query results. - Add SQLITE_STRICT_SUBTYPE=1 as recommended by upstream. - Update to release 3.45.2: * Added the SQLITE_RESULT_SUBTYPE property for application- defined SQL functions. * Enhancements to the JSON SQL functions * Add the FTS5 tokendata option to the FTS5 virtual table. * The SQLITE_DIRECT_OVERFLOW_READ optimization is now enabled by default. * Query planner improvements * Increase the default value for SQLITE_MAX_PAGE_COUNT from 1073741824 to 4294967294. * Enhancements to the CLI * Restore the JSON BLOB input bug, and promise to support the anomaly in subsequent releases, for backward compatibility. * Fix the PRAGMA integrity_check command so that it works on read-only databases that contain FTS3 and FTS5 tables. * Fix issues associated with processing corrupt JSONB inputs. * Fix a long-standing bug in which a read of a few bytes past the end of a memory-mapped segment might occur when accessing a craftily corrupted database using memory-mapped database. * Fix a long-standing bug in which a NULL pointer dereference might occur in the bytecode engine due to incorrect bytecode being generated for a class of SQL statements that are deliberately designed to stress the query planner but which are otherwise pointless. * Fix an error in UPSERT, introduced in version 3.35.0. * Reduce the scope of the NOT NULL strength reduction optimization that was added in version 3.35.0. ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) ----------------------------------------------------------------- Advisory ID: 329 Released: Wed May 21 13:23:02 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read (bsc#1241453) ----------------------------------------------------------------- Advisory ID: 330 Released: Wed May 21 17:37:32 2025 Summary: Security update for perl Type: security Severity: important References: 1241083,CVE-2024-56406 This update for perl fixes the following issues: - CVE-2024-56406: Fixed heap buffer overflow with tr// [bsc#1241083] The following package changes have been done: - glibc-2.38-9.1 updated - libxml2-2-2.11.6-8.1 updated - perl-base-5.38.2-2.1 updated - SL-Micro-release-6.0-25.28 updated - libglib-2_0-0-2.76.2-7.1 updated - libsqlite3-0-3.49.1-1.1 updated - libgobject-2_0-0-2.76.2-7.1 updated - libgmodule-2_0-0-2.76.2-7.1 updated - libgio-2_0-0-2.76.2-7.1 updated - glib2-tools-2.76.2-7.1 updated - libnm0-1.42.6-6.1 updated - NetworkManager-1.42.6-6.1 updated - elemental-register-1.6.9-1.1 updated - elemental-support-1.6.9-1.1 updated - glibc-locale-base-2.38-9.1 updated - container:SL-Micro-base-container-2.1.3-7.4 updated From sle-container-updates at lists.suse.com Sat May 24 07:17:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 09:17:33 +0200 (CEST) Subject: SUSE-IU-2025:1413-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250524071733.BB4BCF78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1413-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.36 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.36 Severity : critical Type : security References : 1224868 1234128 1239883 1240897 1241020 1241078 1241083 1241453 1241551 1242901 1243317 CVE-2024-56406 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3360 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 313 Released: Mon May 12 11:36:50 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). ----------------------------------------------------------------- Advisory ID: 314 Released: Mon May 12 11:55:56 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897). ----------------------------------------------------------------- Advisory ID: 324 Released: Fri May 16 11:41:30 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1242901 This update for elemental-operator fixes the following issues: - Fix questions.yaml default tag - operator: update RBAC for upgrade plans (bsc#1242901) ----------------------------------------------------------------- Advisory ID: 325 Released: Fri May 16 14:45:12 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - Update to release 3.49.1: * Improve portability of makefiles and configure scripts. * CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws() function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very large (hundreds of megabytes). * CVE-2025-29088, bsc#1241078: Enhanced the SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust against misuse. - Update to release 3.49.0: * Enhancements to the query planner: - Improve the query-time index optimization so that it works on WITHOUT ROWID tables. - Better query plans for large star-query joins. This fixes three different performance regressions that were reported on the SQLite Forum. - When two or more queries have the same estimated cost, use the one with the fewer bytes per row. * Enhance the iif() SQL function so that it can accept any number of arguments greater than or equal to two. * Enhance the session extension so that it works on databases that make use of generated columns. * Omit the SQLITE_USE_STDIO_FOR_CONSOLE compile-time option which was not implemented correctly and never worked right. In its place add the SQLITE_USE_W32_FOR_CONSOLE_IO compile-time option. This option applies to command-line tools like the CLI only, not to the SQLite core. It causes Win32 APIs to be used for console I/O instead of stdio. This option affects Windows builds only. * Three new options to sqlite3_db_config(). All default 'on'. SQLITE_DBCONFIG_ENABLE_ATTACH_CREATE SQLITE_DBCONFIG_ENABLE_ATTACH_WRITE SQLITE_DBCONFIG_ENABLE_COMMENTS - Re-enable SONAME which got disabled by default in 3.48.0. * https://www.sqlite.org/src/forumpost/5a3b44f510df8ded * https://sqlite.org/forum/forumpost/ab8f15697a - Update to release 3.48.0: * Improved EXPLAIN QUERY PLAN output for covering indexes. * Allow a two-argument version of the iif() SQL function. * Also allow if() as an alternative spelling for iif(). * Add the '.dbtotxt' command to the CLI. * Add the SQLITE_IOCAP_SUBPAGE_READ property to the xDeviceCharacteristics method of the sqlite3_io_methods object. * Add the SQLITE_PREPARE_DONT_LOG option to sqlite3_prepare_v3() that prevents warning messages being sent to the error log if the SQL is ill-formed. This allows sqlite3_prepare_v3() to be used to do test compiles of SQL to check for validity without polluting the error log with false messages. * Increase the minimum allowed value of SQLITE_LIMIT_LENGTH from 1 to 30. * Added the SQLITE_FCNTL_NULL_IO file control. * Extend the FTS5 auxiliary API xInstToken() to work with prefix queries via the insttoken configuration option and the fts5_insttoken() SQL function. * Increase the maximum number of arguments to an SQL function from 127 to 1000. - Update to release 3.47.2: * Fix a problem in text-to-floating-point conversion that affects text values where the first 16 significant digits are '1844674407370955'. This issue was introduced in 3.47.0 and only arises on x64 and i386 hardware. * Other minor bug fixes. - Enable the session extension, because NodeJS 22 needs it. - Update to release 3.47.1: * Fix the makefiles so that they once again honored DESTDIR for the 'install' target. * Add the SQLITE_IOCAP_SUBPAGE_READ capability to the VFS, to work around issues on some non-standard VFSes caused by making SQLITE_DIRECT_OVERFLOW_READ the default in version 3.45.0. * Fix incorrect answers to certain obscure IN queries caused by new query optimizations added in the 3.47.0 release. * Other minor bug fixes. - Update to release 3.47.0: * Allow arbitrary expressions in the second argument to the RAISE function. * If the RHS of the ->> operator is negative, then access array elements counting from the right. * Fix a problem with rolling back hot journal files in the seldom-used unix-dotfile VFS. * FTS5 tables can now be dropped even if they use a non-standard tokenizer that has not been registered. * Fix the group_concat() aggregate function so that it returns an empty string, not a NULL, if it receives a single input value which is an empty string. * Enhance the generate_series() table-valued function so that it is able to recognize and use constraints on its output value. Preupdate hooks now recognize when a column added by ALTER TABLE ADD COLUMN has a non-null default value. * Improved reuse of subqueries associated with the IN operator, especially when the IN operator has been duplicated due to predicate push-down. * Use a Bloom filter on subqueries on the right-hand side of the IN operator, in cases where that seems likely to improve performance. * Ensure that queries like 'SELECT func(a) FROM tab GROUP BY 1' only invoke the func() function once per row. * No attempt is made to create automatic indexes on a column that is known to be non-selective because of its use in other indexes that have been analyzed. * Adjustments to the query planner so that it produces better plans for star queries with a large number of dimension tables. * Add the 'order-by-subquery' optimization, that seeks to disable sort operations in outer queries if the desired order is obtained naturally due to ORDER BY clauses in subqueries. * The 'indexed-subtype-expr' optimization strives to use expressions that are part of an index rather than recomputing the expression based on table values, as long as the query planner can prove that the subtype of the expression will never be used. * Miscellaneous coding tweaks for faster runtimes. * Add the experimental sqlite3_rsync program. * Add extension functions median(), percentile(), percentile_cont(), and percentile_disc() to the CLI. * Add the .www dot-command to the CLI. * The sqlite3_analyzer utility now provides a break-out of statistics for WITHOUT ROWID tables. * The sqldiff utility avoids creating an empty database if its second argument does not exist. * Enhance the sqlite_dbpage table-valued function such that INSERT can be used to increase or decrease the size of the database file. * SQLite no longer makes any use of the 'long double' data type, as hardware support for long double is becoming less common and long double creates challenges for some compiler tool chains. Instead, SQLite uses Dekker's algorithm when extended precision is needed. * The TCL Interface for SQLite supports TCL9. Everything probably still works for TCL 8.5 and later, though this is not guaranteed. Users are encouraged to upgrade to TCL9. * Fix a corruption-causing bug in the JavaScript 'opfs' VFS. Correct 'mode=ro' handling for the 'opfs' VFS. Work around a couple of browser-specific OPFS quirks. * Add the fts5_tokenizer_v2 API and the locale=1 option, for creating custom locale-aware tokenizers and fts5 tables that may take advantage of them. * Add the contentless_unindexed=1 option, for creating contentless fts5 tables that store the values of any UNINDEXED columns persistently in the database. * Allow an FTS5 table to be dropped even if it uses a custom tokenizer whose implementation is not available. - Update to release 3.46.1: * Improved robustness while parsing the tokenize= arguments in FTS5. * Enhancements to covering index prediction in the query planner. * Do not let the number of terms on a VALUES clause be limited by SQLITE_LIMIT_COMPOUND_SELECT, even if the VALUES clause contains elements that appear to be variables due to double-quoted string literals. * Fix the window function version of group_concat() so that it returns an empty string if it has one or more empty string inputs. * In FTS5 secure-delete mode, fix false-positive integrity-check reports about corrupt indexes. * Syntax errors in ALTER TABLE should always return SQLITE_ERROR. In some cases, they were formerly returning SQLITE_INTERNAL. * Other minor fixes. - Update to release 3.46.0: * https://sqlite.org/releaselog/3_46_0.html * Enhance PRAGMA optimize in multiple ways. * Enhancements to the date and time functions. * Add support for underscore ('_') characters between digits in numeric literals. * Add the json_pretty() SQL function. * Query planner improvements. * Allocate additional memory from the heap for the SQL parser stack if that stack overflows, rather than reporting a 'parser stack overflow' error. * Allow ASCII control characters within JSON5 string literals. * Fix the -> and ->> JSON operators so that when the right-hand side operand is a string that looks like an integer it is still treated as a string, because that is what PostgreSQL does. - Update to release 3.45.3: * Fix a long-standing bug (going back to version 3.24.0) that might (rarely) cause the 'old.*' values of an UPDATE trigger to be incorrect if that trigger fires in response to an UPSERT. * Reduce the scope of the NOT NULL strength reduction optimization that was added as item 8e in version 3.35.0. The optimization was being attempted in some contexts where it did not work, resulting in incorrect query results. - Add SQLITE_STRICT_SUBTYPE=1 as recommended by upstream. - Update to release 3.45.2: * Added the SQLITE_RESULT_SUBTYPE property for application- defined SQL functions. * Enhancements to the JSON SQL functions * Add the FTS5 tokendata option to the FTS5 virtual table. * The SQLITE_DIRECT_OVERFLOW_READ optimization is now enabled by default. * Query planner improvements * Increase the default value for SQLITE_MAX_PAGE_COUNT from 1073741824 to 4294967294. * Enhancements to the CLI * Restore the JSON BLOB input bug, and promise to support the anomaly in subsequent releases, for backward compatibility. * Fix the PRAGMA integrity_check command so that it works on read-only databases that contain FTS3 and FTS5 tables. * Fix issues associated with processing corrupt JSONB inputs. * Fix a long-standing bug in which a read of a few bytes past the end of a memory-mapped segment might occur when accessing a craftily corrupted database using memory-mapped database. * Fix a long-standing bug in which a NULL pointer dereference might occur in the bytecode engine due to incorrect bytecode being generated for a class of SQL statements that are deliberately designed to stress the query planner but which are otherwise pointless. * Fix an error in UPSERT, introduced in version 3.35.0. * Reduce the scope of the NOT NULL strength reduction optimization that was added in version 3.35.0. ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) ----------------------------------------------------------------- Advisory ID: 329 Released: Wed May 21 13:23:02 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read (bsc#1241453) ----------------------------------------------------------------- Advisory ID: 330 Released: Wed May 21 17:37:32 2025 Summary: Security update for perl Type: security Severity: important References: 1241083,CVE-2024-56406 This update for perl fixes the following issues: - CVE-2024-56406: Fixed heap buffer overflow with tr// [bsc#1241083] The following package changes have been done: - glibc-2.38-9.1 updated - libxml2-2-2.11.6-8.1 updated - perl-base-5.38.2-2.1 updated - SL-Micro-release-6.0-25.28 updated - libglib-2_0-0-2.76.2-7.1 updated - libsqlite3-0-3.49.1-1.1 updated - libgobject-2_0-0-2.76.2-7.1 updated - libgmodule-2_0-0-2.76.2-7.1 updated - libgio-2_0-0-2.76.2-7.1 updated - glib2-tools-2.76.2-7.1 updated - libnm0-1.42.6-6.1 updated - NetworkManager-1.42.6-6.1 updated - elemental-register-1.6.9-1.1 updated - elemental-support-1.6.9-1.1 updated - glibc-locale-base-2.38-9.1 updated - container:SL-Micro-container-2.1.3-6.35 updated From sle-container-updates at lists.suse.com Sat May 24 07:19:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 09:19:03 +0200 (CEST) Subject: SUSE-IU-2025:1414-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250524071903.1DBA6F78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1414-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-5.5 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 5.5 Severity : moderate Type : recommended References : 1174414 1237260 CVE-2019-2708 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 118 Released: Fri May 23 17:35:27 2025 Summary: Recommended update for pcp Type: recommended Severity: moderate References: 1174414,1237260,CVE-2019-2708 This update for pcp fixes the following issues: - Enable custom pcp-selinux module (bsc#1237260) The following package changes have been done: - pcp-conf-6.2.0-slfo.1.1_4.1 updated - libpcp3-6.2.0-slfo.1.1_4.1 updated - libpcp_import1-6.2.0-slfo.1.1_4.1 updated From sle-container-updates at lists.suse.com Sun May 25 07:13:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 May 2025 09:13:22 +0200 (CEST) Subject: SUSE-CU-2025:3686-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250525071322.A44C1FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3686-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.53 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.53 Severity : moderate Type : recommended References : 1239297 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1685-1 Released: Fri May 23 08:04:34 2025 Summary: Recommended update for sysstat Type: recommended Severity: moderate References: 1239297 This update for sysstat fixes the following issues: - Removed cron dependency in favour of systemd timers (bsc#1239297) - Removed sysstat.cron.suse The following package changes have been done: - glibc-locale-base-2.38-150600.14.32.1 updated - glibc-2.38-150600.14.32.1 updated - sysstat-12.0.2-150000.3.40.1 updated - cron-4.2-150400.84.3.1 removed - cronie-1.5.7-150400.84.3.1 removed - mailx-12.5-150600.16.3 removed From sle-container-updates at lists.suse.com Tue May 27 07:05:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:22 +0200 (CEST) Subject: SUSE-CU-2025:3706-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250527070522.29E02FD12@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3706-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-base , rancher/elemental-channel/sl-micro:6.0-base-8.1 Container Release : 8.1 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:05:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:26 +0200 (CEST) Subject: SUSE-CU-2025:3707-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250527070526.ACE65FD1A@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3707-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-kvm , rancher/elemental-channel/sl-micro:6.0-kvm-8.1 Container Release : 8.1 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:05:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:31 +0200 (CEST) Subject: SUSE-CU-2025:3708-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250527070531.06D8EFD1A@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3708-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-rt , rancher/elemental-channel/sl-micro:6.0-rt-8.1 Container Release : 8.1 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:05:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:32 +0200 (CEST) Subject: SUSE-CU-2025:3709-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250527070532.A11B1FD1A@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3709-1 Container Tags : rancher/elemental-channel/sl-micro:6.1-baremetal , rancher/elemental-channel/sl-micro:6.1-baremetal-8.1 Container Release : 8.1 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:05:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:35 +0200 (CEST) Subject: SUSE-CU-2025:3711-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250527070535.DC7FEFD1B@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3711-1 Container Tags : rancher/elemental-channel/sl-micro:6.1-kvm , rancher/elemental-channel/sl-micro:6.1-kvm-8.1 Container Release : 8.1 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:05:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:37 +0200 (CEST) Subject: SUSE-CU-2025:3712-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250527070537.76EE8FD1B@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3712-1 Container Tags : rancher/elemental-channel/sl-micro:6.1-rt , rancher/elemental-channel/sl-micro:6.1-rt-8.1 Container Release : 8.1 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:05:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:46 +0200 (CEST) Subject: SUSE-CU-2025:3713-1: Security update of rancher/elemental-operator Message-ID: <20250527070546.A183BFD1B@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3713-1 Container Tags : rancher/elemental-operator:1.6.9 , rancher/elemental-operator:1.6.9-8.1 , rancher/elemental-operator:latest Container Release : 8.1 Severity : critical Type : security References : 1010996 1199079 1229003 1234128 1234798 1239883 1240009 1240343 1242901 1243317 441356 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 324 Released: Fri May 16 11:41:30 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1242901 This update for elemental-operator fixes the following issues: - Fix questions.yaml default tag - operator: update RBAC for upgrade plans (bsc#1242901) ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) ----------------------------------------------------------------- Advisory ID: 331 Released: Wed May 21 17:40:23 2025 Summary: Security update for ca-certificates-mozilla Type: security Severity: moderate References: 1010996,1199079,1229003,1234798,1240009,1240343,441356 This update for ca-certificates-mozilla fixes the following issues: - test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3 - Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003) - explicit remove distrusted certs, as the distrust does not get exported correctly and the SSL certs are still trusted. (bsc#1240343) - Entrust.net Premium 2048 Secure Server CA - Entrust Root Certification Authority - AffirmTrust Commercial - AffirmTrust Networking - AffirmTrust Premium - AffirmTrust Premium ECC - Entrust Root Certification Authority - G2 - Entrust Root Certification Authority - EC1 - GlobalSign Root E46 - GLOBALTRUST 2020 - pass file argument to awk (bsc#1240009) - update to 2.74 state of Mozilla SSL root CAs: Removed: * SwissSign Silver CA - G2 Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 - remove extensive signature printing in comments of the cert bundle - Define two macros to break a build cycle with p11-kit. - Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798) Removed: - SecureSign RootCA11 - Security Communication RootCA3 Added: - TWCA CYBER Root CA - TWCA Global Root CA G2 - SecureSign Root CA12 - SecureSign Root CA14 - SecureSign Root CA15 The following package changes have been done: - elemental-operator-1.6.9-1.1 updated - glibc-2.38-9.1 updated - ca-certificates-mozilla-2.74-1.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:05:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:55 +0200 (CEST) Subject: SUSE-CU-2025:3714-1: Security update of rancher/seedimage-builder Message-ID: <20250527070555.91413FD1B@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3714-1 Container Tags : rancher/seedimage-builder:1.6.9 , rancher/seedimage-builder:1.6.9-8.1 , rancher/seedimage-builder:latest Container Release : 8.1 Severity : critical Type : security References : 1010996 1035807 1036457 1079600 1198823 1198830 1198832 1199079 1219559 1219561 1221289 1227316 1229003 1229930 1229931 1229932 1232579 1232601 1234015 1234128 1234798 1236886 1238700 1239335 1239618 1239883 1240009 1240343 1241083 1241453 1241551 1242901 1243317 441356 867620 CVE-2013-0340 CVE-2014-2240 CVE-2014-2241 CVE-2017-8105 CVE-2017-8287 CVE-2019-15903 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2023-52425 CVE-2023-52426 CVE-2024-28757 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-50602 CVE-2024-56406 CVE-2024-8176 CVE-2025-22869 CVE-2025-22870 CVE-2025-32414 CVE-2025-32415 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/seedimage-builder was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 299 Released: Wed Apr 23 16:13:01 2025 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1234015,1236886 This update for systemd fixes the following issues: - Maintain the network device naming scheme used on SLE15 (jsc#PED-12317) This shouldn't cause problems as predictable naming schemes are disabled on SLMicro-6.1 (net.ifnames=0 is set on the kernel command line by default). - allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) ----------------------------------------------------------------- Advisory ID: 300 Released: Thu Apr 24 16:44:51 2025 Summary: Security update for freetype2 Type: security Severity: important References: 1035807,1036457,1079600,1198823,1198830,1198832,867620,CVE-2014-2240,CVE-2014-2241,CVE-2017-8105,CVE-2017-8287,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406 This update for freetype2 fixes the following issues: Update to 2.13.2: * Some fields in the `FT_Outline` structure have been changed from signed to unsigned type, which better reflects the actual usage. It is also an additional means to protect against malformed input. * Rare double-free crashes in the cache subsystem have been fixed. * Excessive stack allocation in the autohinter has been fixed. * The B/W rasterizer has received a major upkeep that results in large performance improvements. The rendering speed has increased and even doubled for very complex glyphs. ----------------------------------------------------------------- Advisory ID: 304 Released: Tue Apr 29 13:07:45 2025 Summary: Security update for expat Type: security Severity: important References: 1219559,1219561,1221289,1229930,1229931,1229932,1232579,1232601,1239618,CVE-2013-0340,CVE-2019-15903,CVE-2023-52425,CVE-2023-52426,CVE-2024-28757,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492,CVE-2024-50602,CVE-2024-8176 This update for expat fixes the following issues: Version update to 2.7.1: * Bug fixes: * Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext * Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives Version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]) * Security fixes: * CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ('&g1;') - general entities in attribute values ('') - parameter entities ('%p1;') Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. * Other changes: * Document changes since the previous release * Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Version update to 2.6.4: * Security fixes: [bsc#1232601][bsc#1232579] * CVE-2024-50602 -- Fix crash within function XML_ResumeParser from a NULL pointer dereference by disallowing function XML_StopParser to (stop or) suspend an unstarted parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly communicate this situation. // CWE-476 CWE-754 * Other changes: * Version info bumped from 10:3:9 (libexpat*.so.1.9.3) to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/ for what these numbers do Update to 2.6.3: * Security fixes: - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. * Other changes: - Version info bumped from 10:2:9 (libexpat*.so.1.9.2) to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/ for what these numbers do Update to 2.6.2: * CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers (bsc#1221289) * Reject direct parameter entity recursion and avoid the related undefined behavior Update to 2.6.1: * Expose billion laughs API with XML_DTD defined and XML_GE undefined, regression from 2.6.0 * Make tests independent of CPU speed, and thus more robust Update to 2.6.0: * Security fixes: - CVE-2023-52425 (bsc#1219559) Fix quadratic runtime issues with big tokens that can cause denial of service, in partial where dealing with compressed XML input. Applications that parsed a document in one go -- a single call to functions XML_Parse or XML_ParseBuffer -- were not affected. The smaller the chunks/buffers you use for parsing previously, the bigger the problem prior to the fix. Backporters should be careful to no omit parts of pull request #789 and to include earlier pull request #771, in order to not break the fix. - CVE-2023-52426 (bsc#1219561) Fix billion laughs attacks for users compiling *without* XML_DTD defined (which is not common). Users with XML_DTD defined have been protected since Expat >=2.4.0 (and that was CVE-2013-0340 back then). * Bug fixes: - Fix parse-size-dependent 'invalid token' error for external entities that start with a byte order mark - Fix NULL pointer dereference in setContext via XML_ExternalEntityParserCreate for compilation with XML_DTD undefined - Protect against closing entities out of order * Other changes: - Improve support for arc4random/arc4random_buf - Improve buffer growth in XML_GetBuffer and XML_Parse - xmlwf: Support --help and --version - xmlwf: Support custom buffer size for XML_GetBuffer and read - xmlwf: Improve language and URL clickability in help output - examples: Add new example 'element_declarations.c' - Be stricter about macro XML_CONTEXT_BYTES at build time - Make inclusion to expat_config.h consistent - Autotools: configure.ac: Support --disable-maintainer-mode - Autotools: Sync CMake templates with CMake 3.26 - Autotools: Make installation of shipped man page doc/xmlwf.1 independent of docbook2man availability - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file section 'Cflags.private' in order to fix compilation against static libexpat using pkg-config on Windows - Autotools|CMake: Require a C99 compiler (a de-facto requirement already since Expat 2.2.2 of 2017) - Autotools|CMake: Fix PACKAGE_BUGREPORT variable - Autotools|CMake: Make test suite require a C++11 compiler - CMake: Require CMake >=3.5.0 - CMake: Lowercase off_t and size_t to help a bug in Meson - CMake: Sort xmlwf sources alphabetically - CMake|Windows: Fix generation of DLL file version info - CMake: Build tests/benchmark/benchmark.c as well for a build with -DEXPAT_BUILD_TESTS=ON - docs: Document the importance of isFinal + adjust tests accordingly - docs: Improve use of 'NULL' and 'null' - docs: Be specific about version of XML (XML 1.0r4) and version of C (C99); (XML 1.0r5 will need a sponsor.) - docs: reference.html: Promote function XML_ParseBuffer more - docs: reference.html: Add HTML anchors to XML_* macros - docs: reference.html: Upgrade to OK.css 1.2.0 - docs: Fix typos - docs|CI: Use HTTPS URLs instead of HTTP at various places - Address compiler warnings - Address clang-tidy warnings - Version info bumped from 9:10:8 (libexpat*.so.1.8.10) to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/ for what these numbers do ----------------------------------------------------------------- Advisory ID: 305 Released: Tue Apr 29 13:13:15 2025 Summary: Security update for elemental-toolkit Type: security Severity: important References: 1238700,1239335,CVE-2025-22869,CVE-2025-22870 This update for elemental-toolkit fixes the following issues: - Updated to version 2.1.3: * Simplify podman calls in CI steup * Switched GHA runners to Ubuntu 24.04 * Updated year in headers * Updated to go1.23, required by the new x/crypto module * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700) * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335) ----------------------------------------------------------------- Advisory ID: 311 Released: Wed May 7 08:55:18 2025 Summary: Recommended update for gettext-runtime Type: recommended Severity: moderate References: 1227316 This update for gettext-runtime fixes the following issues: - Fixed handling of po files with malformed header (bsc#1227316) ----------------------------------------------------------------- Advisory ID: 324 Released: Fri May 16 11:41:30 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1242901 This update for elemental-operator fixes the following issues: - Fix questions.yaml default tag - operator: update RBAC for upgrade plans (bsc#1242901) ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) ----------------------------------------------------------------- Advisory ID: 329 Released: Wed May 21 13:23:02 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read (bsc#1241453) ----------------------------------------------------------------- Advisory ID: 330 Released: Wed May 21 17:37:32 2025 Summary: Security update for perl Type: security Severity: important References: 1241083,CVE-2024-56406 This update for perl fixes the following issues: - CVE-2024-56406: Fixed heap buffer overflow with tr// [bsc#1241083] ----------------------------------------------------------------- Advisory ID: 331 Released: Wed May 21 17:40:23 2025 Summary: Security update for ca-certificates-mozilla Type: security Severity: moderate References: 1010996,1199079,1229003,1234798,1240009,1240343,441356 This update for ca-certificates-mozilla fixes the following issues: - test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3 - Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003) - explicit remove distrusted certs, as the distrust does not get exported correctly and the SSL certs are still trusted. (bsc#1240343) - Entrust.net Premium 2048 Secure Server CA - Entrust Root Certification Authority - AffirmTrust Commercial - AffirmTrust Networking - AffirmTrust Premium - AffirmTrust Premium ECC - Entrust Root Certification Authority - G2 - Entrust Root Certification Authority - EC1 - GlobalSign Root E46 - GLOBALTRUST 2020 - pass file argument to awk (bsc#1240009) - update to 2.74 state of Mozilla SSL root CAs: Removed: * SwissSign Silver CA - G2 Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 - remove extensive signature printing in comments of the cert bundle - Define two macros to break a build cycle with p11-kit. - Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798) Removed: - SecureSign RootCA11 - Security Communication RootCA3 Added: - TWCA CYBER Root CA - TWCA Global Root CA G2 - SecureSign Root CA12 - SecureSign Root CA14 - SecureSign Root CA15 The following package changes have been done: - elemental-httpfy-1.6.9-1.1 updated - elemental-seedimage-hooks-1.6.9-1.1 updated - glibc-2.38-9.1 updated - libtextstyle0-0.21.1-6.1 updated - libexpat1-2.7.1-1.1 updated - libxml2-2-2.11.6-8.1 updated - perl-base-5.38.2-2.1 updated - libudev1-254.24-1.1 updated - libsystemd0-254.24-1.1 updated - libfreetype6-2.13.3-1.1 updated - gettext-runtime-0.21.1-6.1 updated - glibc-locale-base-2.38-9.1 updated - ca-certificates-mozilla-2.74-1.1 updated - systemd-254.24-1.1 updated - udev-254.24-1.1 updated - elemental-toolkit-2.1.3-1.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:07:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:07:14 +0200 (CEST) Subject: SUSE-IU-2025:1426-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20250527070714.62093FD21@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1426-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.5 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.5 Severity : moderate Type : recommended References : 1217885 1240919 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 338 Released: Mon May 26 11:57:21 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1217885,1240919 This update for dracut fixes the following issues: Update to version 059+suse.597.gb05a38d8: * fix(dmsquash-live): do not check ISO md5 if image filesystem (bsc#1240919) * fix(nfs): set correct ownership of rpc.statd state directories (bsc#1217885) * perf(nfs): remove references to old rpcbind state dir * fix(nfs): libnfsidmap plugins not added in some distributions The following package changes have been done: - dracut-059+suse.597.gb05a38d8-1.1 updated From sle-container-updates at lists.suse.com Tue May 27 07:07:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:07:46 +0200 (CEST) Subject: SUSE-IU-2025:1427-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250527070746.227EEFD21@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1427-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.32 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.32 Severity : moderate Type : recommended References : 1217885 1240919 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 338 Released: Mon May 26 11:57:21 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1217885,1240919 This update for dracut fixes the following issues: Update to version 059+suse.597.gb05a38d8: * fix(dmsquash-live): do not check ISO md5 if image filesystem (bsc#1240919) * fix(nfs): set correct ownership of rpc.statd state directories (bsc#1217885) * perf(nfs): remove references to old rpcbind state dir * fix(nfs): libnfsidmap plugins not added in some distributions The following package changes have been done: - dracut-059+suse.597.gb05a38d8-1.1 updated - container:SL-Micro-base-container-2.1.3-7.5 updated From sle-container-updates at lists.suse.com Tue May 27 07:08:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:08:22 +0200 (CEST) Subject: SUSE-IU-2025:1428-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250527070822.33618FD21@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1428-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-7.37 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 7.37 Severity : moderate Type : recommended References : 1217885 1240919 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 338 Released: Mon May 26 11:57:21 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1217885,1240919 This update for dracut fixes the following issues: Update to version 059+suse.597.gb05a38d8: * fix(dmsquash-live): do not check ISO md5 if image filesystem (bsc#1240919) * fix(nfs): set correct ownership of rpc.statd state directories (bsc#1217885) * perf(nfs): remove references to old rpcbind state dir * fix(nfs): libnfsidmap plugins not added in some distributions The following package changes have been done: - dracut-059+suse.597.gb05a38d8-1.1 updated - container:SL-Micro-container-2.1.3-6.36 updated From sle-container-updates at lists.suse.com Tue May 27 07:05:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:17 +0200 (CEST) Subject: SUSE-CU-2025:3705-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250527070517.AB9C7FCFE@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3705-1 Container Tags : rancher/elemental-channel/sl-micro:6.0-baremetal , rancher/elemental-channel/sl-micro:6.0-baremetal-8.1 Container Release : 8.1 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:06:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:06:46 +0200 (CEST) Subject: SUSE-IU-2025:1425-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250527070646.1AD58FD1B@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1425-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.36 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 6.36 Severity : moderate Type : recommended References : 1217885 1240919 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 338 Released: Mon May 26 11:57:21 2025 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1217885,1240919 This update for dracut fixes the following issues: Update to version 059+suse.597.gb05a38d8: * fix(dmsquash-live): do not check ISO md5 if image filesystem (bsc#1240919) * fix(nfs): set correct ownership of rpc.statd state directories (bsc#1217885) * perf(nfs): remove references to old rpcbind state dir * fix(nfs): libnfsidmap plugins not added in some distributions The following package changes have been done: - dracut-059+suse.597.gb05a38d8-1.1 updated - container:SL-Micro-base-container-2.1.3-7.5 updated From sle-container-updates at lists.suse.com Tue May 27 07:05:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:05:34 +0200 (CEST) Subject: SUSE-CU-2025:3710-1: Security update of rancher/elemental-channel/sl-micro Message-ID: <20250527070534.43580FD1A@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel/sl-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3710-1 Container Tags : rancher/elemental-channel/sl-micro:6.1-base , rancher/elemental-channel/sl-micro:6.1-base-8.1 Container Release : 8.1 Severity : critical Type : security References : 1234128 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container rancher/elemental-channel/sl-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The following package changes have been done: - glibc-2.38-9.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Tue May 27 07:24:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:24:06 +0200 (CEST) Subject: SUSE-CU-2025:3746-1: Security update of bci/python Message-ID: <20250527072406.331A8F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3746-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-66.11 Container Release : 66.11 Severity : important Type : security References : 1243313 CVE-2025-47273 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1704-1 Released: Mon May 26 13:02:41 2025 Summary: Security update for python-setuptools Type: security Severity: important References: 1243313,CVE-2025-47273 This update for python-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). The following package changes have been done: - python311-setuptools-67.7.2-150400.3.19.1 updated From sle-container-updates at lists.suse.com Tue May 27 07:30:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 09:30:24 +0200 (CEST) Subject: SUSE-CU-2025:3757-1: Security update of suse/kiosk/xorg Message-ID: <20250527073024.B17A4F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3757-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-43.4 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 43.4 Severity : important Type : security References : 1189495 1191175 1216752 1218686 1222259 1237230 CVE-2021-3521 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4073-1 Released: Fri Oct 13 11:40:26 2023 Summary: Recommended update for rpm Type: recommended Severity: low References: This update for rpm fixes the following issue: - Enables build for all python modules (jsc#PED-68, jsc#PED-1988) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1557-1 Released: Wed May 8 11:42:34 2024 Summary: Security update for rpm Type: security Severity: moderate References: 1189495,1191175,1218686,CVE-2021-3521 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1597-1 Released: Tue May 20 10:06:42 2025 Summary: Recommended update for icewm Type: recommended Severity: moderate References: This update for icewm fixes the following issues: - Update the latest translation from https://l10n.opensuse.org/projects/icewm/icewm-1-4-branch/. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - kbd-legacy-2.4.0-150400.5.9.1 updated - libapparmor1-3.1.7-150600.5.9.1 updated - libopenssl3-3.1.4-150600.5.27.1 updated - libLLVM17-17.0.6-150600.3.7.1 updated - rpm-ndb-4.14.3-150400.59.16.1 added - kbd-2.4.0-150400.5.9.1 updated - icewm-lite-1.4.2-150000.7.18.1 updated - icewm-1.4.2-150000.7.18.1 updated - container:suse-sle15-15.6-9723cad40c7955f0b97d0dfae7305d02f72162b8e329bcc8833ef8ef23e8990b-0 added - container:registry.suse.com-bci-bci-micro-15.6-9723cad40c7955f0b97d0dfae7305d02f72162b8e329bcc8833ef8ef23e8990b-0 added - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 removed - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 removed - patterns-base-fips-20200124-150600.32.6.1 removed From sle-container-updates at lists.suse.com Tue May 27 11:28:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 13:28:20 +0200 (CEST) Subject: SUSE-CU-2025:3764-1: Recommended update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250527112820.3C147FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3764-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.88 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.88 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1711-1 Released: Tue May 27 09:28:46 2025 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: - add and run a import-suse-build-key script, which will be run after installation using a systemd timer. (jsc#PED-2777) - import the SLES 15 SP6 and newer RSA 4k keys to allow migration. The following package changes have been done: - suse-build-key-12.0-7.22.1 updated From sle-container-updates at lists.suse.com Tue May 27 16:15:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:15:15 +0200 (CEST) Subject: SUSE-IU-2025:1434-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250527161515.A71E6FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1434-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.38 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.38 Severity : critical Type : security References : 1234128 1234665 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 122 Released: Tue May 27 11:28:57 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1234665,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665, BZ #29770) The following package changes have been done: - glibc-2.38-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.11.32 updated - glibc-locale-base-2.38-slfo.1.1_4.1 updated - container:suse-toolbox-image-1.0.0-4.35 updated From sle-container-updates at lists.suse.com Tue May 27 16:15:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:15:36 +0200 (CEST) Subject: SUSE-IU-2025:1435-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250527161536.57A99FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1435-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.38 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.38 Severity : critical Type : security References : 1234128 1234665 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 122 Released: Tue May 27 11:28:57 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1234665,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665, BZ #29770) The following package changes have been done: - glibc-2.38-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.11.32 updated - glibc-locale-base-2.38-slfo.1.1_4.1 updated - container:SL-Micro-base-container-2.2.0-4.38 updated From sle-container-updates at lists.suse.com Tue May 27 16:16:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:16:02 +0200 (CEST) Subject: SUSE-IU-2025:1436-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250527161602.A493AFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1436-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.45 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.45 Severity : critical Type : security References : 1234128 1234665 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 122 Released: Tue May 27 11:28:57 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1234665,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665, BZ #29770) The following package changes have been done: - glibc-2.38-slfo.1.1_4.1 updated - SL-Micro-release-6.1-slfo.1.11.32 updated - glibc-locale-base-2.38-slfo.1.1_4.1 updated - container:SL-Micro-container-2.2.0-5.7 updated From sle-container-updates at lists.suse.com Tue May 27 16:16:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:16:20 +0200 (CEST) Subject: SUSE-CU-2025:3767-1: Security update of suse/sl-micro/6.1/baremetal-iso-image Message-ID: <20250527161620.4EEFFFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.1/baremetal-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3767-1 Container Tags : suse/sl-micro/6.1/baremetal-iso-image:2.2.0 , suse/sl-micro/6.1/baremetal-iso-image:2.2.0-4.42 , suse/sl-micro/6.1/baremetal-iso-image:latest Container Release : 4.42 Severity : critical Type : security References : 1234128 1234665 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 122 Released: Tue May 27 11:28:57 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1234665,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665, BZ #29770) The following package changes have been done: - glibc-2.38-slfo.1.1_4.1 updated - container:SL-Micro-container-2.2.0-5.7 updated From sle-container-updates at lists.suse.com Tue May 27 16:16:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:16:38 +0200 (CEST) Subject: SUSE-CU-2025:3768-1: Security update of suse/sl-micro/6.1/base-iso-image Message-ID: <20250527161638.28C48FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.1/base-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3768-1 Container Tags : suse/sl-micro/6.1/base-iso-image:2.2.0 , suse/sl-micro/6.1/base-iso-image:2.2.0-4.42 , suse/sl-micro/6.1/base-iso-image:latest Container Release : 4.42 Severity : critical Type : security References : 1234128 1234665 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 122 Released: Tue May 27 11:28:57 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1234665,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665, BZ #29770) The following package changes have been done: - glibc-2.38-slfo.1.1_4.1 updated - container:SL-Micro-base-container-2.2.0-5.7 updated - container:SL-Micro-container-2.2.0-5.7 updated From sle-container-updates at lists.suse.com Tue May 27 16:16:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:16:55 +0200 (CEST) Subject: SUSE-CU-2025:3769-1: Security update of suse/sl-micro/6.1/kvm-iso-image Message-ID: <20250527161655.6FA71FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.1/kvm-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3769-1 Container Tags : suse/sl-micro/6.1/kvm-iso-image:2.2.0 , suse/sl-micro/6.1/kvm-iso-image:2.2.0-4.45 , suse/sl-micro/6.1/kvm-iso-image:latest Container Release : 4.45 Severity : critical Type : security References : 1234128 1234665 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 122 Released: Tue May 27 11:28:57 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1234665,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665, BZ #29770) The following package changes have been done: - glibc-2.38-slfo.1.1_4.1 updated - container:SL-Micro-kvm-container-2.2.0-5.7 updated - container:SL-Micro-container-2.2.0-5.7 updated From sle-container-updates at lists.suse.com Tue May 27 16:17:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:17:15 +0200 (CEST) Subject: SUSE-CU-2025:3770-1: Security update of suse/sl-micro/6.1/rt-iso-image Message-ID: <20250527161715.9FE7AFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.1/rt-iso-image ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3770-1 Container Tags : suse/sl-micro/6.1/rt-iso-image:2.2.0 , suse/sl-micro/6.1/rt-iso-image:2.2.0-4.45 , suse/sl-micro/6.1/rt-iso-image:latest Container Release : 4.45 Severity : critical Type : security References : 1234128 1234665 1239883 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-iso-image was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 122 Released: Tue May 27 11:28:57 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1234665,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665, BZ #29770) The following package changes have been done: - glibc-2.38-slfo.1.1_4.1 updated - container:SL-Micro-rt-container-2.2.0-5.7 updated - container:SL-Micro-container-2.2.0-5.7 updated From sle-container-updates at lists.suse.com Tue May 27 16:17:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:17:47 +0200 (CEST) Subject: SUSE-CU-2025:3771-1: Recommended update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20250527161747.81F3BFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3771-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.5.49 , suse/ltss/sle15.4/bci-base-fips:latest Container Release : 5.49 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:sles15-ltss-image-15.4.0-2.44 updated From sle-container-updates at lists.suse.com Tue May 27 16:24:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:24:31 +0200 (CEST) Subject: SUSE-CU-2025:3781-1: Security update of suse/kiosk/firefox-esr Message-ID: <20250527162431.4E555FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3781-1 Container Tags : suse/kiosk/firefox-esr:128.10 , suse/kiosk/firefox-esr:128.10-45.2 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 45.2 Severity : critical Type : security References : 1102016 1106881 1129714 1140205 1140754 1149789 1160611 1160612 1160613 1160614 1160615 1162090 1162395 1166066 1172526 1172640 1173578 1179821 1180043 1180044 1180046 1180457 1184774 1186406 1186583 1186586 1186587 1186596 1186597 1186598 1186600 1186603 1186604 1186605 1186607 1186613 1186614 1186615 1186616 1186658 1186660 1186756 1186757 1186758 1186761 1186762 1186763 1186849 1186859 1186861 1186863 1187852 1189142 1189166 1189348 1189350 1189428 1189724 1190718 1190719 1190721 1190722 1190723 1190724 1190726 1190727 1190728 1190729 1190731 1190732 1190733 1190734 1190735 1205435 1206442 1206778 1209934 1210212 1214246 1215231 1215778 1223070 1223235 1223256 1223272 1223304 1223437 1225403 1225879 1227296 1228322 1229582 1233046 1234028 1235091 1235092 1236007 1237358 1237371 1237382 1243303 CVE-2018-14423 CVE-2018-16376 CVE-2018-20846 CVE-2018-21010 CVE-2019-13390 CVE-2019-17539 CVE-2019-2126 CVE-2019-9232 CVE-2019-9325 CVE-2019-9371 CVE-2019-9433 CVE-2019-9721 CVE-2020-0034 CVE-2020-13904 CVE-2020-15389 CVE-2020-20448 CVE-2020-20451 CVE-2020-20891 CVE-2020-20892 CVE-2020-20894 CVE-2020-20895 CVE-2020-20896 CVE-2020-20898 CVE-2020-20899 CVE-2020-20900 CVE-2020-20901 CVE-2020-20902 CVE-2020-21041 CVE-2020-21688 CVE-2020-21697 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22037 CVE-2020-22038 CVE-2020-22039 CVE-2020-22042 CVE-2020-22043 CVE-2020-22044 CVE-2020-22046 CVE-2020-22048 CVE-2020-22049 CVE-2020-22054 CVE-2020-27823 CVE-2020-27824 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVE-2020-35965 CVE-2020-8112 CVE-2021-28429 CVE-2021-29338 CVE-2021-3566 CVE-2021-38090 CVE-2021-38091 CVE-2021-38092 CVE-2021-38093 CVE-2021-38094 CVE-2021-38094 CVE-2021-38114 CVE-2021-38171 CVE-2021-38291 CVE-2022-3109 CVE-2022-3341 CVE-2022-48434 CVE-2023-1999 CVE-2023-4863 CVE-2023-49502 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51798 CVE-2023-5217 CVE-2023-6349 CVE-2024-12361 CVE-2024-31578 CVE-2024-32230 CVE-2024-35365 CVE-2024-35368 CVE-2024-36613 CVE-2024-5197 CVE-2025-0518 CVE-2025-22919 CVE-2025-22921 CVE-2025-4918 CVE-2025-4919 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:143-1 Released: Mon Jan 20 16:10:38 2020 Summary: Security update for libvpx Type: security Severity: important References: 1160611,1160612,1160613,1160614,1160615,CVE-2019-2126,CVE-2019-9232,CVE-2019-9325,CVE-2019-9371,CVE-2019-9433 This update for libvpx fixes the following issues: - CVE-2019-2126: Fixed a double free in ParseContentEncodingEntry() (bsc#1160611). - CVE-2019-9325: Fixed an out-of-bounds read (bsc#1160612). - CVE-2019-9232: Fixed an out-of-bounds memory access on fuzzed data (bsc#1160613). - CVE-2019-9433: Fixed a use-after-free in vp8_deblock() (bsc#1160614). - CVE-2019-9371: Fixed a resource exhaustion after memory leak (bsc#1160615). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:336-1 Released: Thu Feb 6 12:45:08 2020 Summary: Recommended update for opus Type: recommended Severity: moderate References: 1162395 This update for opus fixes the following issues: - Fixes an issue with the analysis on files with digital silence (all zeros), especially on x87 builds (mostly affects 32-bit builds) - Improved speech/music detection based on a neural network - Low-bitrate speech improvements - Added support for immersive audio using ambisonics - Improved tone quality This update also improves the security of this software. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1297-1 Released: Mon May 18 07:42:18 2020 Summary: Security update for libvpx Type: security Severity: moderate References: 1166066,CVE-2020-0034 This update for libvpx fixes the following issues: - CVE-2020-0034: Fixed an out-of-bounds read on truncated key frames (bsc#1166066). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2115-1 Released: Tue Aug 4 12:12:10 2020 Summary: Recommended update for opus Type: recommended Severity: moderate References: 1172526 This update for opus fixes the following issues: - Fix for an issue when the 'CELTDecoder' can be larger than 21 and cauese crash by builds with custom modes or hardening. (bsc#1172526) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2322-1 Released: Wed Jul 14 17:03:03 2021 Summary: Security update for ffmpeg Type: security Severity: important References: 1172640,1186406,1186583,1186586,1186587,1186596,1186597,1186598,1186600,1186603,1186604,1186605,1186613,1186614,1186615,1186616,1186658,1186660,1186757,1186758,1186762,1186763,CVE-2019-17539,CVE-2020-13904,CVE-2020-20448,CVE-2020-20451,CVE-2020-21041,CVE-2020-22015,CVE-2020-22016,CVE-2020-22017,CVE-2020-22019,CVE-2020-22020,CVE-2020-22021,CVE-2020-22022,CVE-2020-22023,CVE-2020-22025,CVE-2020-22026,CVE-2020-22031,CVE-2020-22032,CVE-2020-22033,CVE-2020-22034,CVE-2020-22038,CVE-2020-22039,CVE-2020-22043,CVE-2020-22044 This update for ffmpeg fixes the following issues: - CVE-2020-13904: Fixed use-after-free via a crafted EXTINF duration in an m3u8 file (bsc#1172640). - CVE-2020-21041: Fixed buffer overflow vulnerability via apng_do_inverse_blend in libavcodec/pngenc.c (bsc#1186406). - CVE-2019-17539: Fixed NULL pointer dereference in avcodec_open2 in libavcodec/utils.c (bsc# 1154065). - CVE-2020-22026: Fixed buffer overflow vulnerability in config_input() at libavfilter/af_tremolo.c (bsc#1186583). - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586). - CVE-2020-22020: Fixed buffer overflow vulnerability in build_diff_map() in libavfilter/vf_fieldmatch.c (bsc#1186587). - CVE-2020-22015: Fixed buffer overflow vulnerability in mov_write_video_tag() due to the out of bounds in libavformat/movenc.c (bsc#1186596). - CVE-2020-22016: Fixed a heap-based Buffer Overflow vulnerability at libavcodec/get_bits.h when writing .mov files (bsc#1186598). - CVE-2020-22017: Fixed a heap-based Buffer Overflow vulnerability in ff_fill_rectangle() in libavfilter/drawutils.c (bsc#1186600). - CVE-2020-22022: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_fieldorder.c (bsc#1186603). - CVE-2020-22023: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_bitplanenoise.c (bsc#1186604) - CVE-2020-22025: Fixed a heap-based Buffer Overflow vulnerability in gaussian_blur at libavfilter/vf_edgedetect.c (bsc#1186605). - CVE-2020-22031: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_w3fdif.c in filter16_complex_low() (bsc#1186613). - CVE-2020-22032: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_edgedetect.c in gaussian_blur() (bsc#1186614). - CVE-2020-22034: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_floodfill.c (bsc#1186616). - CVE-2020-20451: Fixed denial of service issue due to resource management errors via fftools/cmdutils.c (bsc#1186658). - CVE-2020-20448: Fixed divide by zero issue via libavcodec/ratecontrol.c (bsc#1186660). - CVE-2020-22038: Fixed denial of service vulnerability due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c (bsc#1186757). - CVE-2020-22039: Fixed denial of service vulnerability due to a memory leak in the inavi_add_ientry function (bsc#1186758). - CVE-2020-22043: Fixed denial of service vulnerability due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c (bsc#1186762). - CVE-2020-22044: Fixed denial of service vulnerability due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c (bsc#1186763). - CVE-2020-22033,CVE-2020-22019: Fixed a heap-based Buffer Overflow Vulnerability at libavfilter/vf_vmafmotion.c in convolution_y_8bit() and in convolution_y_10bit() in libavfilter/vf_vmafmotion.c (bsc#1186615, bsc#1186597). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2919-1 Released: Thu Sep 2 10:04:41 2021 Summary: Security update for ffmpeg Type: security Severity: important References: 1129714,1186849,1186859,1186861,1186863,1189142,1189348,1189350,CVE-2019-9721,CVE-2020-21688,CVE-2020-21697,CVE-2020-22046,CVE-2020-22048,CVE-2020-22049,CVE-2020-22054,CVE-2021-38114 This update for ffmpeg fixes the following issues: - CVE-2019-9721: Fix denial of service in the subtitle decoder in handle_open_brace from libavcodec/htmlsubtitles.c (bsc#1129714). - CVE-2020-22046: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849). - CVE-2020-22048: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859). - CVE-2020-22049: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861). - CVE-2020-22054: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c (bsc#1186863). - CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348). - CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350). - CVE-2021-38114: Fixed a not checked return value of the init_vlc function (bsc#1189142). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3193-1 Released: Thu Sep 23 11:24:50 2021 Summary: Security update for ffmpeg Type: security Severity: important References: 1189724,CVE-2021-38171 This update for ffmpeg fixes the following issues: - CVE-2021-38171: Fixed adts_decode_extradata in libavformat/adtsenc.c to check the init_get_bits return value (bsc#1189724). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3293-1 Released: Wed Oct 6 16:47:31 2021 Summary: Security update for ffmpeg Type: security Severity: moderate References: 1186761,CVE-2020-22042 This update for ffmpeg fixes the following issues: - CVE-2020-22042: Fixed a denial of service vulnerability led by a memory leak in the link_filter_inouts function in libavfilter/graphparser.c. (bsc#1186761) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3521-1 Released: Tue Oct 26 15:38:44 2021 Summary: Security update for ffmpeg Type: security Severity: moderate References: 1186756,1187852,1189166,1190718,1190719,1190722,1190723,1190726,1190729,1190733,1190734,1190735,CVE-2020-20891,CVE-2020-20892,CVE-2020-20895,CVE-2020-20896,CVE-2020-20899,CVE-2020-20902,CVE-2020-22037,CVE-2020-35965,CVE-2021-3566,CVE-2021-38092,CVE-2021-38093,CVE-2021-38094 This update for ffmpeg fixes the following issues: - CVE-2021-3566: Fixed information leak (bsc#1189166). - CVE-2021-38093: Fixed integer overflow vulnerability in filter_robert() (bsc#1190734) - CVE-2021-38092: Fixed integer overflow vulnerability in filter_prewitt() (bsc#1190733) - CVE-2021-38094: Fixed integer overflow vulnerability in filter_sobel() (bsc#1190735) - CVE-2020-22037: Fixed denial of service vulnerability caused by memory leak in avcodec_alloc_context3() (bsc#1186756) - CVE-2020-35965: Fixed out-of-bounds write in decode_frame() (bsc#1187852) - CVE-2020-20892: Fixed an issue with filter_frame() (bsc#1190719) - CVE-2020-20891: Fixed a buffer overflow vulnerability in config_input() (bsc#1190718) - CVE-2020-20895: Fixed a buffer overflow vulnerability in function filter_vertically_##name (bsc#1190722) - CVE-2020-20896: Fixed an issue with latm_write_packet() (bsc#1190723) - CVE-2020-20899: Fixed a buffer overflow vulnerability in config_props() (bsc#1190726) - CVE-2020-20902: Fixed an out-of-bounds read vulnerabilit long_term_filter() (bsc#1190729) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2022:885-1 Released: Thu Mar 17 09:47:48 2022 Summary: Optional update for SUSE Package Hub Type: optional Severity: moderate References: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: freerdp, libgsm ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1296-1 Released: Thu Apr 21 17:28:44 2022 Summary: Security update for openjpeg Type: security Severity: important References: 1102016,1106881,1162090,1173578,1180457,1184774,CVE-2018-14423,CVE-2018-16376,CVE-2020-15389,CVE-2020-27823,CVE-2020-8112,CVE-2021-29338 This update for openjpeg fixes the following issues: - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2020-8112: Fixed a heap buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed a use-after-free if a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed a heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457), - CVE-2021-29338: Fixed an integer Overflow allows remote attackers to crash the application (bsc#1184774). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4082-1 Released: Fri Nov 18 15:44:06 2022 Summary: Security update for openjpeg Type: security Severity: important References: 1140205,1149789,1179821,1180043,1180044,1180046,CVE-2018-20846,CVE-2018-21010,CVE-2020-27824,CVE-2020-27842,CVE-2020-27843,CVE-2020-27845 This update for openjpeg fixes the following issues: - CVE-2018-20846: Fixed an Out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi. (bsc#1140205) - CVE-2018-21010: Fixed a heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789) - CVE-2020-27824: Fixed an OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821) - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043) - CVE-2020-27843: Fixed an out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044) - CVE-2020-27845: Fixed a heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:7-1 Released: Mon Jan 2 11:39:38 2023 Summary: Security update for ffmpeg Type: security Severity: moderate References: 1206442,CVE-2022-3109 This update for ffmpeg fixes the following issues: - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:206-1 Released: Mon Jan 30 11:17:59 2023 Summary: Security update for ffmpeg Type: security Severity: moderate References: 1140754,1206778,CVE-2019-13390,CVE-2022-3341 This update for ffmpeg fixes the following issues: - CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778). - CVE-2019-13390: Fixed a potential crash when processing a crafted AVI stream (bsc#1140754). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2108-1 Released: Fri May 5 12:26:28 2023 Summary: Security update for ffmpeg Type: security Severity: important References: 1209934,CVE-2022-48434 This update for ffmpeg fixes the following issues: - CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2467-1 Released: Thu Jun 8 09:44:36 2023 Summary: Security update for libwebp Type: security Severity: important References: 1210212,CVE-2023-1999 This update for libwebp fixes the following issues: - CVE-2023-1999: Fixed a double free (bsc#1210212). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2023:3146-1 Released: Wed Aug 2 09:45:25 2023 Summary: Optional update for mono-core, ghc, ghc-xml-conduit, gstreamer, poppler and python-mccabe Type: optional Severity: low References: This optional update provides the following feature: - Add additional binaries to PackageHub: mono-core, ghc, ghc-xml-conduit, gstreamer, poppler and python-mccabe. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3634-1 Released: Mon Sep 18 12:52:38 2023 Summary: Security update for libwebp Type: security Severity: critical References: 1215231,CVE-2023-4863 This update for libwebp fixes the following issues: - CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3818-1 Released: Wed Sep 27 18:34:04 2023 Summary: Security update for ffmpeg Type: security Severity: moderate References: 1214246,CVE-2021-28429 This update for ffmpeg fixes the following issues: - CVE-2021-28429: Fixed Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c (bsc#1214246). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3948-1 Released: Tue Oct 3 19:06:25 2023 Summary: Security update for libvpx Type: security Severity: important References: 1215778,CVE-2023-5217 This update for libvpx fixes the following issues: - CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4111-1 Released: Wed Oct 18 12:50:14 2023 Summary: Recommended update for lame Type: recommended Severity: moderate References: This update for lame fixes the following issues: - Add a pkg-config file for libmp3lame ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:98-1 Released: Fri Jan 12 09:00:58 2024 Summary: Recommended update for gegl Type: recommended Severity: moderate References: This update for gegl and its dependencies fixes the following issues: gegl: - Allow building against a newer libraw (0.21) (jsc#PED-6351) celt, fdk-aac-free, ffmpeg-4, ilmbase, ldacBT, lensfun, libass, libbluray, libbs2b, libcdio-paranoia, libcdio, libdc1394, libgsm, libmfx, libopenmpt, libraw1394, libraw, libspiro, libva, libvdpau, lilv, metis, openexr, pipewire, pulseaudio, rtkit, SDL2, serd, sord, sratom, suitesparse, webrtc-audio-processing, wireplumber: - Deliver missing direct and indirect dependencies of gegl to SUSE Package Hub 15 SP{4,5} for aarch64, ppc64le, s390x and x86_64 - There are NO code changes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:563-1 Released: Wed Feb 21 05:37:24 2024 Summary: Recommended update for ffmpeg Type: recommended Severity: important References: 1205435 This update for ffmpeg contains the following fixes: - Added `libavresample3` and `libavformat57` to subpackages for Package Hub SLE-15-SP5 (bsc#1205435) - Fix RPM package build with new `binutils` ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1468-1 Released: Mon Apr 29 17:58:58 2024 Summary: Security update for ffmpeg Type: security Severity: important References: 1190721,1190724,1190727,1190728,1190731,1190732,1223070,1223235,CVE-2020-20894,CVE-2020-20898,CVE-2020-20900,CVE-2020-20901,CVE-2021-38090,CVE-2021-38091,CVE-2021-38094,CVE-2023-49502,CVE-2024-31578 This update for ffmpeg fixes the following issues: - CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070) - CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235) Adding references for already fixed issues: - CVE-2021-38091: Fixed integer overflow in function filter16_sobel in libavfilter/vf_convolution.c (bsc#1190732) - CVE-2021-38090: Fixed integer overflow in function filter16_roberts in libavfilter/vf_convolution.c (bsc#1190731) - CVE-2020-20898: Fixed integer overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c (bsc#1190724) - CVE-2020-20901: Fixed buffer overflow vulnerability in function filter_frame in libavfilter/vf_fieldorder.c (bsc#1190728) - CVE-2020-20900: Fixed buffer overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190727) - CVE-2020-20894: Fixed buffer Overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190721) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1593-1 Released: Fri May 10 09:21:31 2024 Summary: Security update for ffmpeg Type: security Severity: important References: 1223256,CVE-2023-50010 This update for ffmpeg fixes the following issues: - CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id() (bsc#1223256). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1908-1 Released: Mon Jun 3 17:27:48 2024 Summary: Security update for ffmpeg Type: security Severity: important References: 1223437,CVE-2023-51794 This update for ffmpeg fixes the following issues: - CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2408-1 Released: Thu Jul 11 13:51:33 2024 Summary: Security update for libvpx Type: security Severity: important References: 1225403,1225879,CVE-2023-6349,CVE-2024-5197 This update for libvpx fixes the following issues: - CVE-2024-5197: Fixed interger overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879). - CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2814-1 Released: Wed Aug 7 12:02:18 2024 Summary: Security update for ffmpeg Type: security Severity: moderate References: 1227296,CVE-2024-32230 This update for ffmpeg fixes the following issues: - CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3114-1 Released: Tue Sep 3 17:04:56 2024 Summary: Security update for ffmpeg Type: security Severity: moderate References: 1186607,1189428,1223304,CVE-2020-22027,CVE-2021-38291,CVE-2023-51798 This update for ffmpeg fixes the following issues: - CVE-2020-22027: Fixed heap-based Buffer Overflow vulnerability exits in deflate16 at libavfilter/vf_neighbor.c (bsc#1186607) - CVE-2021-38291: Fixed an assertion failure at src/libavutil/mathematics.c (bsc#1189428) - CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function (bsc#1223304) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3130-1 Released: Tue Sep 3 17:41:16 2024 Summary: Recommended update for libwebp Type: recommended Severity: moderate References: 1228322,1229582 This update for libwebp fixes the following issue: - added libwebp7-32bit to packagehub for Wine. (bsc#1228322 bsc#1229582) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3992-1 Released: Fri Nov 15 06:06:14 2024 Summary: Recommended update for libvdpau Type: recommended Severity: important References: 1233046 This update for libvdpau fixes the following issues: - Add libvdpau1-32bit to Desktop Applications 15-SP5 and 15-SP6 (bsc#1233046) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1450-1 Released: Mon May 5 09:42:40 2025 Summary: Security update for ffmpeg Type: security Severity: important References: 1223272,1234028,1235091,1235092,1236007,1237358,1237371,1237382,CVE-2023-51793,CVE-2024-12361,CVE-2024-35365,CVE-2024-35368,CVE-2024-36613,CVE-2025-0518,CVE-2025-22919,CVE-2025-22921 This update for ffmpeg fixes the following issues: - CVE-2025-22921: Clear array length when freeing it. (bsc#1237382) - CVE-2025-0518: Fix memory data leak when use sscanf(). (bsc#1236007) - CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate >= 0. (bsc#1237371) - CVE-2024-12361: Add check for av_packet_new_side_data() to avoid null pointer dereference if allocation fails. (bsc#1237358) - CVE-2024-36613: Adjust order of operations around block align. (bsc#1235092) - CVE-2024-35365: Fix double-free on error. (bsc#1235091) - CVE-2024-35368: Fix double-free on the AVFrame is unreferenced. (bsc#1234028) - CVE-2023-51793: Fix out of array access. (bsc#1223272). - CVE-2023-51793: Fixed a heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1701-1 Released: Sat May 24 10:34:21 2025 Summary: Security update for MozillaFirefox Type: security Severity: important References: 1243303,CVE-2025-4918,CVE-2025-4919 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.10.1 ESR. - MFSA 2025-37 (bsc#1243303) * CVE-2025-4918: Out-of-bounds access when resolving Promise objects * CVE-2025-4919: Out-of-bounds access when optimizing linear sums ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - glibc-2.38-150600.14.32.1 updated - libcelt0-2-0.11.3-150000.3.5.1 added - libdrm2-2.4.118-150600.1.4 added - libgsm1-1.0.14-150000.3.6.1 added - libmp3lame0-3.100-150000.3.5.1 added - libopenjpeg1-1.5.2-150000.4.10.1 added - libopus0-1.3.1-150000.3.8.1 added - libtheoradec1-1.1.1-150000.3.3.1 added - libtwolame0-0.3.13-150000.3.2.2 added - libva2-2.20.0-150600.1.3 added - libvpx4-1.6.1-150000.6.16.1 added - libwebp7-1.0.3-150200.3.12.1 added - ncurses-utils-6.1-150000.5.30.1 updated - libtheoraenc1-1.1.1-150000.3.3.1 added - libva-drm2-2.20.0-150600.1.3 added - libwebpmux3-1.0.3-150200.3.12.1 added - libopenssl3-3.1.4-150600.5.27.1 updated - libxcb-dri3-0-1.13-150000.3.11.1 added - libvdpau1-1.1.1-150000.3.6.1 added - libva-x11-2-2.20.0-150600.1.3 added - libavutil55-3.4.2-150200.11.60.1 added - libswresample2-3.4.2-150200.11.60.1 added - libavcodec57-3.4.2-150200.11.60.1 added - MozillaFirefox-128.10.1-150200.152.182.1 updated - container:suse-sle15-15.6-33375097a0345d32d31538bda11eb1df6a7d789cc02aea81dd4bf1ae2743e2e7-0 added - container:registry.suse.com-bci-bci-micro-15.6-33375097a0345d32d31538bda11eb1df6a7d789cc02aea81dd4bf1ae2743e2e7-0 added - container:registry.suse.com-bci-bci-base-15.6-bade1a0b1412a6bef2cee21fde3f8533d590abd3fa8d77331adac2d2973a3240-0 removed - libopenssl-3-fips-provider-3.1.4-150600.5.24.1 removed - patterns-base-fips-20200124-150600.32.6.1 removed From sle-container-updates at lists.suse.com Tue May 27 16:25:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:25:01 +0200 (CEST) Subject: SUSE-CU-2025:3784-1: Recommended update of bci/bci-minimal Message-ID: <20250527162501.802A5FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3784-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.36.2 , bci/bci-minimal:latest Container Release : 36.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Tue May 27 16:25:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:25:03 +0200 (CEST) Subject: SUSE-CU-2025:3785-1: Security update of suse/kiosk/pulseaudio Message-ID: <20250527162503.6A737FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3785-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-44.1 , suse/kiosk/pulseaudio:latest Container Release : 44.1 Severity : important Type : security References : 1029961 1092100 1121753 1158830 1158830 1158830 1181475 1181976 1185417 1195468 1206412 1206798 1209122 1209122 1214290 1214290 1236842 1237230 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2023-4016 CVE-2023-4016 ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - glibc-2.38-150600.14.32.1 updated - libopenssl3-3.1.4-150600.5.27.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.27.1 updated - kbd-legacy-2.4.0-150400.5.9.1 updated - libapparmor1-3.1.7-150600.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - libLLVM17-17.0.6-150600.3.7.1 updated - libprocps8-3.3.17-150000.7.42.1 added - procps-3.3.17-150000.7.42.1 added - container:registry.suse.com-bci-bci-base-15.6-25eeb12f197c38d8873afb36299f0103ea1a6472d03b56758990f0b314c8d994-0 updated From sle-container-updates at lists.suse.com Tue May 27 16:27:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:27:26 +0200 (CEST) Subject: SUSE-CU-2025:3789-1: Recommended update of bci/spack Message-ID: <20250527162726.7476FFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3789-1 Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-10.2 , bci/spack:latest Container Release : 10.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - tack-6.1-150000.5.30.1 updated - ncurses-devel-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Tue May 27 16:27:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 May 2025 18:27:36 +0200 (CEST) Subject: SUSE-CU-2025:3791-1: Recommended update of suse/kiosk/xorg Message-ID: <20250527162736.7B191FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3791-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-44.1 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 44.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - ncurses-utils-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Wed May 28 07:03:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:03:09 +0200 (CEST) Subject: SUSE-CU-2025:3794-1: Recommended update of containers/milvus Message-ID: <20250528070309.DC5AEFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3794-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.121 Container Release : 7.121 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - libprotobuf25_5_0-25.5-150600.2.64 updated - container:registry.suse.com-bci-bci-base-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:04:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:04:21 +0200 (CEST) Subject: SUSE-CU-2025:3795-1: Recommended update of containers/ollama Message-ID: <20250528070421.C2D9EFCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3795-1 Container Tags : containers/ollama:0 , containers/ollama:0.6.8 , containers/ollama:0.6.8-10.14 Container Release : 10.14 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:05:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:05:37 +0200 (CEST) Subject: SUSE-CU-2025:3797-1: Recommended update of containers/open-webui-pipelines Message-ID: <20250528070537.AE7D3FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui-pipelines ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3797-1 Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250329.151219 , containers/open-webui-pipelines:0.20250329.151219-5.2 Container Release : 5.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/open-webui-pipelines was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - glibc-2.38-150600.14.32.1 updated - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - python-open-webui-pipelines-0.20250329.151219-150600.3.3 updated - container:registry.suse.com-bci-bci-base-15.6.47.5.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:05:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:05:42 +0200 (CEST) Subject: SUSE-CU-2025:3798-1: Recommended update of containers/pytorch Message-ID: <20250528070542.CF593FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/pytorch ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3798-1 Container Tags : containers/pytorch:2-nvidia , containers/pytorch:2.7.0-nvidia , containers/pytorch:2.7.0-nvidia-2.13 Container Release : 2.13 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/pytorch was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - libprotobuf25_5_0-25.5-150600.2.64 updated - python311-protobuf-4.25.5-150600.2.64 updated - python311-numpy-2.1.1-150600.1.42 updated - python311-torch-cuda-2.7.0-150600.2.4 updated - container:registry.suse.com-bci-bci-base-15.6.47.5.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:07:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:07:12 +0200 (CEST) Subject: SUSE-IU-2025:1437-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250528070712.41F89FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1437-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.174 , suse/sle-micro/base-5.5:latest Image Release : 5.8.174 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Wed May 28 07:07:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:07:52 +0200 (CEST) Subject: SUSE-IU-2025:1438-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250528070752.A7AB2FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1438-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.333 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.333 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.174 updated From sle-container-updates at lists.suse.com Wed May 28 07:08:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:08:49 +0200 (CEST) Subject: SUSE-IU-2025:1439-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250528070849.DB3F1FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1439-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.397 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.397 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.302 updated From sle-container-updates at lists.suse.com Wed May 28 07:09:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:09:48 +0200 (CEST) Subject: SUSE-IU-2025:1440-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250528070948.6E743FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1440-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.302 , suse/sle-micro/5.5:latest Image Release : 5.5.302 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.174 updated From sle-container-updates at lists.suse.com Wed May 28 07:14:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:14:00 +0200 (CEST) Subject: SUSE-CU-2025:3804-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250528071400.DE8F5F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3804-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-5.1 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-5.1 , suse/ltss/sle15.5/sle15:latest Container Release : 5.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Wed May 28 07:14:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:14:09 +0200 (CEST) Subject: SUSE-CU-2025:3805-1: Recommended update of suse/bind Message-ID: <20250528071409.C0674F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/bind ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3805-1 Container Tags : suse/bind:9 , suse/bind:9.18 , suse/bind:9.18.33 , suse/bind:9.18.33-42.2 , suse/bind:latest Container Release : 42.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/bind was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:14:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:14:19 +0200 (CEST) Subject: SUSE-CU-2025:3806-1: Recommended update of suse/cosign Message-ID: <20250528071419.1C7D8F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/cosign ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3806-1 Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.0 , suse/cosign:2.5.0-5.3 , suse/cosign:latest Container Release : 5.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/cosign was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:15:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:15:14 +0200 (CEST) Subject: SUSE-CU-2025:3808-1: Recommended update of suse/git Message-ID: <20250528071514.3BB66F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3808-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-40.3 , suse/git:latest Container Release : 40.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:17:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:17:12 +0200 (CEST) Subject: SUSE-CU-2025:3812-1: Recommended update of suse/helm Message-ID: <20250528071712.D649DF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3812-1 Container Tags : suse/helm:3 , suse/helm:3.17 , suse/helm:3.17.3 , suse/helm:3.17.3-40.2 , suse/helm:latest Container Release : 40.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:18:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:18:37 +0200 (CEST) Subject: SUSE-CU-2025:3815-1: Recommended update of bci/kiwi Message-ID: <20250528071837.B4255F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3815-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-25.1 , bci/kiwi:latest Container Release : 25.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - tack-6.1-150000.5.30.1 updated - ncurses-devel-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Wed May 28 07:18:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:18:42 +0200 (CEST) Subject: SUSE-CU-2025:3816-1: Recommended update of suse/kubectl Message-ID: <20250528071842.799ABF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3816-1 Container Tags : suse/kubectl:1.29 , suse/kubectl:1.29.14 , suse/kubectl:1.29.14-2.39.2 , suse/kubectl:oldstable , suse/kubectl:oldstable-2.39.2 Container Release : 39.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:18:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:18:46 +0200 (CEST) Subject: SUSE-CU-2025:3817-1: Recommended update of suse/kubectl Message-ID: <20250528071846.B9D0FF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/kubectl ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3817-1 Container Tags : suse/kubectl:1.31 , suse/kubectl:1.31.6 , suse/kubectl:1.31.6-1.39.3 , suse/kubectl:latest , suse/kubectl:stable , suse/kubectl:stable-1.39.3 Container Release : 39.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/kubectl was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:19:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:19:02 +0200 (CEST) Subject: SUSE-CU-2025:3818-1: Recommended update of bci/bci-micro Message-ID: <20250528071902.82275F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3818-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.43.2 , bci/bci-micro:latest Container Release : 43.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Wed May 28 07:21:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:21:49 +0200 (CEST) Subject: SUSE-CU-2025:3824-1: Recommended update of suse/pcp Message-ID: <20250528072149.3ACF0F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3824-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-46.2 , suse/pcp:latest Container Release : 46.2 Severity : moderate Type : recommended References : 1237230 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1648-1 Released: Wed May 21 22:43:46 2025 Summary: Recommended update for kbd Type: recommended Severity: moderate References: 1237230 This update for kbd fixes the following issues: - Don't search for resources in the current directory. It can cause unwanted side effects or even infinite loop (bsc#1237230). The following package changes have been done: - glibc-2.38-150600.14.32.1 updated - libopenssl3-3.1.4-150600.5.27.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.27.1 updated - kbd-legacy-2.4.0-150400.5.9.1 updated - kbd-2.4.0-150400.5.9.1 updated - container:bci-bci-init-15.6-a1a8c7352f81f676645a1fc094ca951c497580f17c4594baa570ecfc9e5ae888-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:23:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:23:28 +0200 (CEST) Subject: SUSE-CU-2025:3827-1: Recommended update of suse/postgres Message-ID: <20250528072328.D289FF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3827-1 Container Tags : suse/postgres:16 , suse/postgres:16.8 , suse/postgres:16.8 , suse/postgres:16.8-65.3 Container Release : 65.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:23:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:23:46 +0200 (CEST) Subject: SUSE-CU-2025:3829-1: Recommended update of suse/postgres Message-ID: <20250528072346.AD968F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3829-1 Container Tags : suse/postgres:17 , suse/postgres:17.5 , suse/postgres:17.5 , suse/postgres:17.5-46.2 , suse/postgres:latest Container Release : 46.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:25:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:25:52 +0200 (CEST) Subject: SUSE-CU-2025:3845-1: Recommended update of suse/mariadb-client Message-ID: <20250528072552.15C5AF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3845-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.11 , suse/mariadb-client:10.11.11-59.4 , suse/mariadb-client:latest Container Release : 59.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - mariadb-errormessages-10.11.11-150600.4.10.1 updated - mariadb-client-10.11.11-150600.4.10.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:46:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:46:40 +0200 (CEST) Subject: SUSE-CU-2025:3845-1: Recommended update of suse/mariadb-client Message-ID: <20250528074640.7E7DAF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3845-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.11 , suse/mariadb-client:10.11.11-59.4 , suse/mariadb-client:latest Container Release : 59.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - mariadb-errormessages-10.11.11-150600.4.10.1 updated - mariadb-client-10.11.11-150600.4.10.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:47:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:47:10 +0200 (CEST) Subject: SUSE-CU-2025:3847-1: Recommended update of suse/mariadb Message-ID: <20250528074710.9159DF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3847-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.11 , suse/mariadb:10.11.11-65.3 , suse/mariadb:latest Container Release : 65.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - mariadb-errormessages-10.11.11-150600.4.10.1 updated - mariadb-tools-10.11.11-150600.4.10.1 updated - mariadb-client-10.11.11-150600.4.10.1 updated - mariadb-10.11.11-150600.4.10.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:49:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:49:50 +0200 (CEST) Subject: SUSE-CU-2025:3849-1: Recommended update of suse/sle15 Message-ID: <20250528074950.921F3F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3849-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.42 , suse/sle15:15.6 , suse/sle15:15.6.47.20.42 Container Release : 47.20.42 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Wed May 28 07:49:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:49:59 +0200 (CEST) Subject: SUSE-CU-2025:3850-1: Recommended update of suse/stunnel Message-ID: <20250528074959.AD9A4F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/stunnel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3850-1 Container Tags : suse/stunnel:5 , suse/stunnel:5.70 , suse/stunnel:5.70-41.3 , suse/stunnel:latest Container Release : 41.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/stunnel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:50:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:50:05 +0200 (CEST) Subject: SUSE-CU-2025:3851-1: Recommended update of suse/valkey Message-ID: <20250528075005.3196BF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/valkey ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3851-1 Container Tags : suse/valkey:8 , suse/valkey:8.0 , suse/valkey:8.0.2 , suse/valkey:8.0.2-41.3 , suse/valkey:latest Container Release : 41.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/valkey was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:suse-sle15-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated - container:registry.suse.com-bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Wed May 28 07:53:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 May 2025 09:53:12 +0200 (CEST) Subject: SUSE-CU-2025:3864-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250528075312.8FD5BF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3864-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.30 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.30 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1721-1 Released: Tue May 27 17:59:31 2025 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update 0.394: * Update pci, usb and vendor ids * Fix usb.ids encoding and a couple of typos * Fix configure to honor --prefix The following package changes have been done: - hwdata-0.394-150000.3.77.2 updated From sle-container-updates at lists.suse.com Thu May 29 07:04:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:04:15 +0200 (CEST) Subject: SUSE-CU-2025:3866-1: Recommended update of containers/open-webui Message-ID: <20250529070415.6D363FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3866-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.9 , containers/open-webui:0.6.9-10.6 Container Release : 10.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:06:32 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:06:32 +0200 (CEST) Subject: SUSE-CU-2025:3871-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250529070632.7FA21FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3871-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.134 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.134 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Thu May 29 07:07:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:07:48 +0200 (CEST) Subject: SUSE-CU-2025:3872-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250529070748.A904CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3872-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.134 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.134 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Thu May 29 07:08:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:08:51 +0200 (CEST) Subject: SUSE-CU-2025:3873-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250529070851.425C0FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3873-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.37 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.37 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Thu May 29 07:09:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:09:11 +0200 (CEST) Subject: SUSE-IU-2025:1441-1: Security update of suse/sl-micro/6.1/base-os-container Message-ID: <20250529070912.09CB4FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1441-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.39 , suse/sl-micro/6.1/base-os-container:latest Image Release : 4.39 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 126 Released: Wed May 28 11:00:31 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551). - CVE-2025-32415: Fixed heap-based buffer under-read via crafted XML documents (bsc#1241453). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.11.33 updated - container:suse-toolbox-image-1.0.0-4.36 updated From sle-container-updates at lists.suse.com Thu May 29 07:09:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:09:31 +0200 (CEST) Subject: SUSE-IU-2025:1442-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250529070931.848EFFCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1442-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.39 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.39 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 126 Released: Wed May 28 11:00:31 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551). - CVE-2025-32415: Fixed heap-based buffer under-read via crafted XML documents (bsc#1241453). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.11.33 updated - container:SL-Micro-base-container-2.2.0-4.39 updated From sle-container-updates at lists.suse.com Thu May 29 07:09:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:09:53 +0200 (CEST) Subject: SUSE-IU-2025:1443-1: Security update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250529070953.B1581FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1443-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-4.46 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 4.46 Severity : moderate Type : security References : 1241453 1241551 CVE-2025-32414 CVE-2025-32415 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 126 Released: Wed May 28 11:00:31 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551). - CVE-2025-32415: Fixed heap-based buffer under-read via crafted XML documents (bsc#1241453). The following package changes have been done: - libxml2-2-2.11.6-slfo.1.1_3.1 updated - SL-Micro-release-6.1-slfo.1.11.33 updated - container:SL-Micro-container-2.2.0-5.8 updated From sle-container-updates at lists.suse.com Thu May 29 07:12:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:12:03 +0200 (CEST) Subject: SUSE-CU-2025:3879-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250529071203.DCFA7F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3879-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.84 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.84 , suse/ltss/sle15.3/sle15:latest Container Release : 2.84 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Thu May 29 07:12:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:12:45 +0200 (CEST) Subject: SUSE-CU-2025:3880-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250529071245.2C1F3F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3880-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.44 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.44 , suse/ltss/sle15.4/sle15:latest Container Release : 2.44 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Thu May 29 07:15:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:15:27 +0200 (CEST) Subject: SUSE-CU-2025:3881-1: Recommended update of suse/389-ds Message-ID: <20250529071527.30881F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3881-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2.10 , suse/389-ds:2.2.10-39.2 , suse/389-ds:latest Container Release : 39.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:16:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:16:03 +0200 (CEST) Subject: SUSE-CU-2025:3884-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250529071603.34E72F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3884-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.16 , bci/dotnet-aspnet:8.0.16-51.3 Container Release : 51.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:16:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:16:23 +0200 (CEST) Subject: SUSE-CU-2025:3886-1: Recommended update of bci/dotnet-aspnet Message-ID: <20250529071623.25453F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3886-1 Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.5 , bci/dotnet-aspnet:9.0.5-10.2 , bci/dotnet-aspnet:latest Container Release : 10.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:16:51 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:16:51 +0200 (CEST) Subject: SUSE-CU-2025:3888-1: Recommended update of bci/bci-base-fips Message-ID: <20250529071651.78841F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3888-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.3.3 , bci/bci-base-fips:latest Container Release : 3.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:17:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:17:25 +0200 (CEST) Subject: SUSE-CU-2025:3891-1: Recommended update of suse/registry Message-ID: <20250529071725.0C4C4F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3891-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-3.2 , suse/registry:latest Container Release : 3.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:bci-bci-micro-15.6-0df621f1c36b98f7f53515a76ec18392d71c0ad484d1a639e0acfa5226547521-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:17:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:17:58 +0200 (CEST) Subject: SUSE-CU-2025:3893-1: Recommended update of bci/dotnet-sdk Message-ID: <20250529071758.9C910F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3893-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.16 , bci/dotnet-sdk:8.0.16-55.2 Container Release : 55.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:18:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:18:18 +0200 (CEST) Subject: SUSE-CU-2025:3895-1: Recommended update of bci/dotnet-sdk Message-ID: <20250529071818.6D25DF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3895-1 Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.5 , bci/dotnet-sdk:9.0.5-12.3 , bci/dotnet-sdk:latest Container Release : 12.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:18:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:18:54 +0200 (CEST) Subject: SUSE-CU-2025:3897-1: Recommended update of bci/dotnet-runtime Message-ID: <20250529071854.0D9A2F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3897-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.16 , bci/dotnet-runtime:8.0.16-51.3 Container Release : 51.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:19:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:19:14 +0200 (CEST) Subject: SUSE-CU-2025:3899-1: Recommended update of bci/dotnet-runtime Message-ID: <20250529071914.09FB4F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3899-1 Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.5 , bci/dotnet-runtime:9.0.5-10.2 , bci/dotnet-runtime:latest Container Release : 10.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:19:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:19:41 +0200 (CEST) Subject: SUSE-CU-2025:3901-1: Recommended update of bci/gcc Message-ID: <20250529071941.CA75EF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3901-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-12.3 , bci/gcc:latest Container Release : 12.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:20:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:20:44 +0200 (CEST) Subject: SUSE-CU-2025:3904-1: Recommended update of bci/golang Message-ID: <20250529072044.80151F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3904-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.9 , bci/golang:1.23.9-2.38.2 , bci/golang:oldstable , bci/golang:oldstable-2.38.2 Container Release : 38.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Thu May 29 07:21:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 May 2025 09:21:16 +0200 (CEST) Subject: SUSE-CU-2025:3906-1: Recommended update of bci/golang Message-ID: <20250529072116.9C01BF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3906-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-60.3 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-60.3 Container Release : 60.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:08:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:08:59 +0200 (CEST) Subject: SUSE-CU-2025:3912-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250530070859.9CB3FFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3912-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.135 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.135 Severity : moderate Type : recommended References : 1173375 1243360 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1736-1 Released: Thu May 29 11:34:51 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1243360 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.3-150000.4.61.2 updated From sle-container-updates at lists.suse.com Fri May 30 07:10:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:10:36 +0200 (CEST) Subject: SUSE-CU-2025:3913-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250530071036.59BCCFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3913-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.135 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.135 Severity : moderate Type : recommended References : 1173375 1243360 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1736-1 Released: Thu May 29 11:34:51 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1243360 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.3-150000.4.61.2 updated From sle-container-updates at lists.suse.com Fri May 30 07:12:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:12:09 +0200 (CEST) Subject: SUSE-CU-2025:3914-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250530071209.832F2F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3914-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.38 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.38 Severity : moderate Type : recommended References : 1173375 1243360 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1736-1 Released: Thu May 29 11:34:51 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1243360 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.3-150000.4.61.2 updated From sle-container-updates at lists.suse.com Fri May 30 07:12:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:12:35 +0200 (CEST) Subject: SUSE-CU-2025:3915-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250530071235.C9E67F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3915-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.89 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.89 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1754-1 Released: Thu May 29 16:19:20 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.10.1-4.6.1 updated From sle-container-updates at lists.suse.com Fri May 30 07:13:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:13:30 +0200 (CEST) Subject: SUSE-CU-2025:3916-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250530071330.58625F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3916-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.85 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.85 , suse/ltss/sle15.3/sle15:latest Container Release : 2.85 Severity : moderate Type : recommended References : 1243360 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1736-1 Released: Thu May 29 11:34:51 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1243360 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.3-150000.4.61.2 updated From sle-container-updates at lists.suse.com Fri May 30 07:13:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:13:31 +0200 (CEST) Subject: SUSE-CU-2025:3917-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250530071331.51BE8F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3917-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.86 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.86 , suse/ltss/sle15.3/sle15:latest Container Release : 2.86 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1763-1 Released: Thu May 29 22:55:33 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.10.1-150000.3.15.1 updated From sle-container-updates at lists.suse.com Fri May 30 07:14:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:14:30 +0200 (CEST) Subject: SUSE-CU-2025:3918-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250530071430.2CF58F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3918-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.45 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.45 , suse/ltss/sle15.4/sle15:latest Container Release : 2.45 Severity : moderate Type : recommended References : 1243360 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1736-1 Released: Thu May 29 11:34:51 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1243360 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.3-150000.4.61.2 updated From sle-container-updates at lists.suse.com Fri May 30 07:17:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:17:37 +0200 (CEST) Subject: SUSE-CU-2025:3919-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250530071737.41047F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3919-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-5.2 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-5.2 , suse/ltss/sle15.5/sle15:latest Container Release : 5.2 Severity : moderate Type : recommended References : 1243360 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1736-1 Released: Thu May 29 11:34:51 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1243360 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.3-150000.4.61.2 updated From sle-container-updates at lists.suse.com Fri May 30 07:21:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:21:19 +0200 (CEST) Subject: SUSE-CU-2025:3906-1: Recommended update of bci/golang Message-ID: <20250530072119.C5406F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3906-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-60.3 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-60.3 Container Release : 60.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:22:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:22:06 +0200 (CEST) Subject: SUSE-CU-2025:3927-1: Recommended update of bci/golang Message-ID: <20250530072206.837F9F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3927-1 Container Tags : bci/golang:1.24 , bci/golang:1.24.3 , bci/golang:1.24.3-1.38.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.38.2 Container Release : 38.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:22:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:22:56 +0200 (CEST) Subject: SUSE-CU-2025:3930-1: Recommended update of bci/golang Message-ID: <20250530072256.F0F45F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3930-1 Container Tags : bci/golang:1.24-openssl , bci/golang:1.24.3-openssl , bci/golang:1.24.3-openssl-60.3 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-60.3 Container Release : 60.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:23:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:23:50 +0200 (CEST) Subject: SUSE-CU-2025:3933-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250530072350.71943F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3933-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.54 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.54 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Fri May 30 07:23:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:23:52 +0200 (CEST) Subject: SUSE-CU-2025:3935-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250530072352.15B0BF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3935-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.56 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.56 Severity : moderate Type : recommended References : 1173375 1243360 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1736-1 Released: Thu May 29 11:34:51 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1243360 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.3-150000.4.61.2 updated - libsystemd0-254.24-150600.4.33.1 updated - libudev1-254.24-150600.4.33.1 updated - systemd-254.24-150600.4.33.1 updated - udev-254.24-150600.4.33.1 updated From sle-container-updates at lists.suse.com Fri May 30 07:24:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:24:41 +0200 (CEST) Subject: SUSE-CU-2025:3936-1: Recommended update of bci/bci-init Message-ID: <20250530072441.3DEF6F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3936-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.42.2 , bci/bci-init:latest Container Release : 42.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:26:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:26:31 +0200 (CEST) Subject: SUSE-CU-2025:3944-1: Recommended update of suse/nginx Message-ID: <20250530072631.B42F2F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3944-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-54.3 , suse/nginx:latest Container Release : 54.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:27:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:27:19 +0200 (CEST) Subject: SUSE-CU-2025:3946-1: Recommended update of bci/nodejs Message-ID: <20250530072719.E0F27F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3946-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-52.2 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-52.2 , bci/nodejs:latest Container Release : 52.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:27:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:27:38 +0200 (CEST) Subject: SUSE-CU-2025:3949-1: Recommended update of bci/nodejs Message-ID: <20250530072738.3F391F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3949-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-35.2 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-35.2 Container Release : 35.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:27:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:27:56 +0200 (CEST) Subject: SUSE-CU-2025:3952-1: Recommended update of bci/openjdk-devel Message-ID: <20250530072756.32AFFF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3952-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17.0.15.0 , bci/openjdk-devel:17.0.15.0-8.5 Container Release : 8.5 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:bci-openjdk-17-e49604938101df8378bb7ee97d0340a76cb3167955e2619545c4c9139098792d-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:28:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:28:13 +0200 (CEST) Subject: SUSE-CU-2025:3955-1: Recommended update of bci/openjdk Message-ID: <20250530072813.C6558F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3955-1 Container Tags : bci/openjdk:17 , bci/openjdk:17.0.15.0 , bci/openjdk:17.0.15.0-8.3 Container Release : 8.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:29:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:29:16 +0200 (CEST) Subject: SUSE-CU-2025:3958-1: Recommended update of bci/openjdk-devel Message-ID: <20250530072916.0A5BCF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3958-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.7.0 , bci/openjdk-devel:21.0.7.0-37.3 , bci/openjdk-devel:latest Container Release : 37.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:bci-openjdk-21-b316312353e5bc0e53fac08e2cddcff673347f401213044ccba764d6a016fb92-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:30:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:30:12 +0200 (CEST) Subject: SUSE-CU-2025:3961-1: Recommended update of bci/openjdk Message-ID: <20250530073012.B8B4FF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3961-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.7.0 , bci/openjdk:21.0.7.0-37.3 , bci/openjdk:latest Container Release : 37.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:40:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:40:06 +0200 (CEST) Subject: SUSE-CU-2025:3961-1: Recommended update of bci/openjdk Message-ID: <20250530074006.A28CBF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3961-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.7.0 , bci/openjdk:21.0.7.0-37.3 , bci/openjdk:latest Container Release : 37.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:40:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:40:55 +0200 (CEST) Subject: SUSE-CU-2025:3964-1: Recommended update of suse/pcp Message-ID: <20250530074055.CA29FF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3964-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-46.4 , suse/pcp:latest Container Release : 46.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:bci-bci-init-15.6-7f43ad84b6d411bfe8c4e869ca1fe256317b26dd4fa06e359fb0ebf9f588f727-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:41:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:41:54 +0200 (CEST) Subject: SUSE-CU-2025:3967-1: Recommended update of bci/php-apache Message-ID: <20250530074154.9D609F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3967-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.28 , bci/php-apache:8.2.28-52.3 , bci/php-apache:latest Container Release : 52.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:42:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:42:45 +0200 (CEST) Subject: SUSE-CU-2025:3970-1: Recommended update of bci/php-fpm Message-ID: <20250530074245.D0714F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3970-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.28 , bci/php-fpm:8.2.28-52.2 , bci/php-fpm:latest Container Release : 52.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:43:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:43:25 +0200 (CEST) Subject: SUSE-CU-2025:3973-1: Recommended update of bci/php Message-ID: <20250530074325.2F435F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3973-1 Container Tags : bci/php:8 , bci/php:8.2.28 , bci/php:8.2.28-52.3 , bci/php:latest Container Release : 52.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:44:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:44:57 +0200 (CEST) Subject: SUSE-CU-2025:3980-1: Recommended update of suse/kiosk/pulseaudio Message-ID: <20250530074457.7BBD0F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/pulseaudio ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3980-1 Container Tags : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-44.2 , suse/kiosk/pulseaudio:latest Container Release : 44.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:46:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:46:33 +0200 (CEST) Subject: SUSE-CU-2025:4011-1: Recommended update of bci/python Message-ID: <20250530074633.260FFF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4011-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-67.3 Container Release : 67.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:46:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:46:33 +0200 (CEST) Subject: SUSE-CU-2025:4012-1: Recommended update of bci/python Message-ID: <20250530074633.EE5BEF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4012-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.11 , bci/python:3.11.11-67.5 Container Release : 67.5 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1730-1 Released: Wed May 28 16:30:19 2025 Summary: Recommended update for lifecycle-data-sle-module-python3 Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-python3 fixes the following issues: - document python312 and python313 lifecycle (jsc#PED-12726) - extend python311 lifecycle (jsc#PED-12726) The following package changes have been done: - lifecycle-data-sle-module-python3-1-150400.9.6.1 updated From sle-container-updates at lists.suse.com Fri May 30 07:47:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:47:38 +0200 (CEST) Subject: SUSE-CU-2025:4015-1: Recommended update of bci/python Message-ID: <20250530074738.794F1F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4015-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-67.2 , bci/python:latest Container Release : 67.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:47:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:47:39 +0200 (CEST) Subject: SUSE-CU-2025:4016-1: Recommended update of bci/python Message-ID: <20250530074739.539CDF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4016-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.9 , bci/python:3.12.9-67.5 , bci/python:latest Container Release : 67.5 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1730-1 Released: Wed May 28 16:30:19 2025 Summary: Recommended update for lifecycle-data-sle-module-python3 Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-python3 fixes the following issues: - document python312 and python313 lifecycle (jsc#PED-12726) - extend python311 lifecycle (jsc#PED-12726) The following package changes have been done: - krb5-1.20.1-150600.11.11.2 updated - lifecycle-data-sle-module-python3-1-150400.9.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-84759d0e92dad1b0d389e88d265e230ef1e487f3a4f10c1be8647883e41a3c8b-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:48:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:48:24 +0200 (CEST) Subject: SUSE-CU-2025:4018-1: Recommended update of bci/python Message-ID: <20250530074824.BDBBBF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4018-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-64.3 Container Release : 64.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:48:25 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:48:25 +0200 (CEST) Subject: SUSE-CU-2025:4019-1: Recommended update of bci/python Message-ID: <20250530074825.A89DAF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4019-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-64.5 Container Release : 64.5 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1730-1 Released: Wed May 28 16:30:19 2025 Summary: Recommended update for lifecycle-data-sle-module-python3 Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-python3 fixes the following issues: - document python312 and python313 lifecycle (jsc#PED-12726) - extend python311 lifecycle (jsc#PED-12726) The following package changes have been done: - lifecycle-data-sle-module-python3-1-150400.9.6.1 updated From sle-container-updates at lists.suse.com Fri May 30 07:49:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:49:57 +0200 (CEST) Subject: SUSE-CU-2025:4025-1: Recommended update of suse/rmt-server Message-ID: <20250530074957.43D2DF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4025-1 Container Tags : suse/rmt-server:2 , suse/rmt-server:2.21 , suse/rmt-server:2.21-65.3 , suse/rmt-server:latest Container Release : 65.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:50:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:50:40 +0200 (CEST) Subject: SUSE-CU-2025:4027-1: Recommended update of bci/ruby Message-ID: <20250530075040.C2AA3F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4027-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-35.3 , bci/ruby:latest Container Release : 35.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:51:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:51:21 +0200 (CEST) Subject: SUSE-CU-2025:4030-1: Recommended update of bci/rust Message-ID: <20250530075121.53D46F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4030-1 Container Tags : bci/rust:1.85 , bci/rust:1.85.1 , bci/rust:1.85.1-2.5.3 , bci/rust:oldstable , bci/rust:oldstable-2.5.3 Container Release : 5.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:52:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:52:02 +0200 (CEST) Subject: SUSE-CU-2025:4032-1: Recommended update of bci/rust Message-ID: <20250530075202.DBCA0F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4032-1 Container Tags : bci/rust:1.86 , bci/rust:1.86.0 , bci/rust:1.86.0-1.5.3 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.5.3 Container Release : 5.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:54:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:54:14 +0200 (CEST) Subject: SUSE-CU-2025:4034-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250530075414.1118FF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4034-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.42.2 , bci/bci-sle15-kernel-module-devel:latest Container Release : 42.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-a467655598775c45f86b9b86084e225c19416a68866f7df9d439b7f69985096e-0 updated From sle-container-updates at lists.suse.com Fri May 30 07:56:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 09:56:02 +0200 (CEST) Subject: SUSE-CU-2025:4044-1: Security update of suse/kiosk/xorg Message-ID: <20250530075602.DE29EF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/xorg ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4044-1 Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-45.1 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar Container Release : 45.1 Severity : important Type : security References : 1029961 1092100 1121753 1158830 1158830 1158830 1181475 1181976 1185417 1195468 1206412 1206798 1209122 1209122 1214290 1214290 1236842 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2023-4016 CVE-2023-4016 ----------------------------------------------------------------- The container suse/kiosk/xorg was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:741-1 Released: Fri Feb 28 11:15:50 2025 Summary: Security update for procps Type: security Severity: important References: 1214290,1236842,CVE-2023-4016 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). The following package changes have been done: - libudev1-254.24-150600.4.33.1 updated - libsystemd0-254.24-150600.4.33.1 updated - libprocps8-3.3.17-150000.7.42.1 added - procps-3.3.17-150000.7.42.1 added - systemd-254.24-150600.4.33.1 updated - udev-254.24-150600.4.33.1 updated From sle-container-updates at lists.suse.com Fri May 30 08:00:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:00:04 +0200 (CEST) Subject: SUSE-CU-2025:4065-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250530080004.AD575F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4065-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.15 , suse/manager/4.3/proxy-httpd:4.3.15.9.63.31 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.63.31 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:sles15-ltss-image-15.4.0-2.44 updated From sle-container-updates at lists.suse.com Fri May 30 08:00:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:00:59 +0200 (CEST) Subject: SUSE-CU-2025:4067-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250530080059.6BE1FFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4067-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.15 , suse/manager/4.3/proxy-salt-broker:4.3.15.9.53.37 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.53.37 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - container:sles15-ltss-image-15.4.0-2.44 updated From sle-container-updates at lists.suse.com Fri May 30 08:01:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:01:49 +0200 (CEST) Subject: SUSE-CU-2025:4069-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20250530080149.BBD02F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4069-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.15 , suse/manager/4.3/proxy-squid:4.3.15.9.62.21 , suse/manager/4.3/proxy-squid:latest Container Release : 9.62.21 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:sles15-ltss-image-15.4.0-2.44 updated From sle-container-updates at lists.suse.com Fri May 30 08:13:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:13:19 +0200 (CEST) Subject: SUSE-CU-2025:4069-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20250530081319.A5032F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4069-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.15 , suse/manager/4.3/proxy-squid:4.3.15.9.62.21 , suse/manager/4.3/proxy-squid:latest Container Release : 9.62.21 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:sles15-ltss-image-15.4.0-2.44 updated From sle-container-updates at lists.suse.com Fri May 30 08:14:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:14:19 +0200 (CEST) Subject: SUSE-CU-2025:4071-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20250530081419.D3FE9F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4071-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.15 , suse/manager/4.3/proxy-ssh:4.3.15.9.53.21 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.53.21 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:sles15-ltss-image-15.4.0-2.44 updated From sle-container-updates at lists.suse.com Fri May 30 08:15:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:15:21 +0200 (CEST) Subject: SUSE-CU-2025:4073-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20250530081521.4C361F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4073-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.15 , suse/manager/4.3/proxy-tftpd:4.3.15.9.53.21 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.53.21 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated - container:sles15-ltss-image-15.4.0-2.44 updated From sle-container-updates at lists.suse.com Fri May 30 08:16:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:16:56 +0200 (CEST) Subject: SUSE-CU-2025:4075-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250530081656.ED438F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4075-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.124 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.124 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Fri May 30 08:16:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:16:57 +0200 (CEST) Subject: SUSE-CU-2025:4076-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250530081657.AC0E7F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4076-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.125 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.125 Severity : moderate Type : recommended References : 1173375 1243360 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1736-1 Released: Thu May 29 11:34:51 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1243360 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.3-150000.4.61.2 updated From sle-container-updates at lists.suse.com Fri May 30 08:16:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:16:58 +0200 (CEST) Subject: SUSE-CU-2025:4077-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250530081658.6CBE9F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4077-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.126 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.126 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1763-1 Released: Thu May 29 22:55:33 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.10.1-150000.3.15.1 updated From sle-container-updates at lists.suse.com Fri May 30 08:21:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:21:46 +0200 (CEST) Subject: SUSE-CU-2025:4079-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250530082146.0F2EAF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4079-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.126 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.126 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1714-1 Released: Tue May 27 13:23:20 2025 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: This update for ncurses fixes the following issues: - Backport sclp terminfo description entry if for s390 sclp terminal lines - Add a further sclp entry for qemu s390 based systems - Make use of dumb The following package changes have been done: - libncurses6-6.1-150000.5.30.1 updated - ncurses-utils-6.1-150000.5.30.1 updated - terminfo-base-6.1-150000.5.30.1 updated From sle-container-updates at lists.suse.com Fri May 30 08:21:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:21:46 +0200 (CEST) Subject: SUSE-CU-2025:4080-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250530082146.E42DAF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4080-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.127 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.127 Severity : moderate Type : recommended References : 1173375 1243360 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1577-1 Released: Mon May 19 10:24:04 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1173375 This update for container-suseconnect fixes the following issues: - update to 2.5.1: * Bump github.com/mssola/capture from 1.0.0 to 1.1.0 * Log everything to stderr * Code formatting * Bump github.com/stretchr/testify from 1.9.0 to 1.10.0 * Also allow optionally to pass down the system_token * Various golangci-lint v2.1x warnings fixed * Remove use of urfave/cli and replace it with flag - remove unnecessary packaging buildrequires ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1736-1 Released: Thu May 29 11:34:51 2025 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1243360 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires The following package changes have been done: - container-suseconnect-2.5.3-150000.4.61.2 updated From sle-container-updates at lists.suse.com Fri May 30 08:21:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 May 2025 10:21:47 +0200 (CEST) Subject: SUSE-CU-2025:4081-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250530082147.AC6E9F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4081-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.128 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.128 Severity : low Type : security References : 1239909 CVE-2025-2588 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1763-1 Released: Thu May 29 22:55:33 2025 Summary: Security update for augeas Type: security Severity: low References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) The following package changes have been done: - libaugeas0-1.10.1-150000.3.15.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:03:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:03:42 +0200 (CEST) Subject: SUSE-IU-2025:1466-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250531070342.E1A35FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1466-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.175 , suse/sle-micro/base-5.5:latest Image Release : 5.8.175 Severity : moderate Type : security References : 1242300 CVE-2025-47268 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1776-1 Released: Fri May 30 15:02:52 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,CVE-2025-47268 This update for iputils fixes the following issues: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300) The following package changes have been done: - iputils-20221126-150500.3.11.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:03:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:03:43 +0200 (CEST) Subject: SUSE-IU-2025:1467-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250531070343.AADC2FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1467-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.176 , suse/sle-micro/base-5.5:latest Image Release : 5.8.176 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-2.31-150300.95.1 updated - glibc-locale-base-2.31-150300.95.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:04:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:04:22 +0200 (CEST) Subject: SUSE-IU-2025:1469-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250531070422.F1662FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1469-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.336 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.336 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-2.31-150300.95.1 updated - glibc-locale-base-2.31-150300.95.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.176 updated From sle-container-updates at lists.suse.com Sat May 31 07:05:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:05:21 +0200 (CEST) Subject: SUSE-IU-2025:1471-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250531070521.44D61FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1471-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.401 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.401 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-2.31-150300.95.1 updated - glibc-locale-base-2.31-150300.95.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.305 updated From sle-container-updates at lists.suse.com Sat May 31 07:06:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:06:18 +0200 (CEST) Subject: SUSE-IU-2025:1473-1: Security update of suse/sle-micro/5.5 Message-ID: <20250531070618.39CB1FCFE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1473-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.305 , suse/sle-micro/5.5:latest Image Release : 5.5.305 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-2.31-150300.95.1 updated - glibc-locale-base-2.31-150300.95.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.176 updated From sle-container-updates at lists.suse.com Sat May 31 07:11:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:11:56 +0200 (CEST) Subject: SUSE-CU-2025:4097-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250531071156.9D6D9FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4097-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.137 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.137 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-locale-base-2.31-150300.95.1 updated - glibc-locale-2.31-150300.95.1 updated - glibc-2.31-150300.95.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:11:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:11:55 +0200 (CEST) Subject: SUSE-CU-2025:4096-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20250531071155.E4387F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4096-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.136 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.136 Severity : moderate Type : security References : 1242300 1243284 CVE-2025-47268 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1779-1 Released: Fri May 30 15:38:55 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,1243284,CVE-2025-47268 This update for iputils fixes the following issues: Security fixes: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300). Other bug fixes: - Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284). The following package changes have been done: - iputils-20211215-150400.3.19.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:15:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:15:36 +0200 (CEST) Subject: SUSE-CU-2025:4100-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250531071536.30318F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4100-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.136 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.136 Severity : moderate Type : security References : 1242300 1243284 CVE-2025-47268 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1779-1 Released: Fri May 30 15:38:55 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,1243284,CVE-2025-47268 This update for iputils fixes the following issues: Security fixes: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300). Other bug fixes: - Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284). The following package changes have been done: - iputils-20211215-150400.3.19.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:15:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:15:36 +0200 (CEST) Subject: SUSE-CU-2025:4101-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20250531071536.E7390F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4101-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.137 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.137 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-locale-base-2.31-150300.95.1 updated - glibc-locale-2.31-150300.95.1 updated - glibc-2.31-150300.95.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:16:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:16:46 +0200 (CEST) Subject: SUSE-CU-2025:4102-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250531071646.17AD2F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4102-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.39 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.39 Severity : moderate Type : security References : 1242300 CVE-2025-47268 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1776-1 Released: Fri May 30 15:02:52 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,CVE-2025-47268 This update for iputils fixes the following issues: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300) The following package changes have been done: - iputils-20221126-150500.3.11.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:16:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:16:46 +0200 (CEST) Subject: SUSE-CU-2025:4103-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250531071646.D1559F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4103-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.40 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.12.40 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-locale-base-2.31-150300.95.1 updated - glibc-locale-2.31-150300.95.1 updated - glibc-2.31-150300.95.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:19:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:19:15 +0200 (CEST) Subject: SUSE-CU-2025:4104-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250531071915.17656F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4104-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-5.3 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-5.3 , suse/ltss/sle15.5/sle15:latest Container Release : 5.3 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-2.31-150300.95.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:20:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:20:00 +0200 (CEST) Subject: SUSE-CU-2025:4105-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250531072000.543A3F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4105-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.57 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.8.57 Severity : moderate Type : security References : 1242300 CVE-2025-47268 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1776-1 Released: Fri May 30 15:02:52 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,CVE-2025-47268 This update for iputils fixes the following issues: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300) The following package changes have been done: - iputils-20221126-150500.3.11.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:20:04 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:20:04 +0200 (CEST) Subject: SUSE-CU-2025:4106-1: Security update of suse/kiosk/firefox-esr Message-ID: <20250531072004.80EBCF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/kiosk/firefox-esr ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4106-1 Container Tags : suse/kiosk/firefox-esr:128.10 , suse/kiosk/firefox-esr:128.10-46.1 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest Container Release : 46.1 Severity : important Type : security References : 1076314 1076967 1079845 1102016 1106881 1106882 1140130 1140205 1149789 1160782 1162090 1173578 1179594 1179821 1180042 1180043 1180044 1180046 1180457 1184774 1186586 1186586 1197738 1201799 1202848 1203741 1209934 1215309 1215778 1215945 1216879 1219494 1223070 1223235 1223256 1223272 1223304 1223304 1223437 1223437 1225403 1225879 1227296 1227296 1228322 1229026 1229026 1229338 1230983 1234028 1235029 1235092 1236007 1237351 1237358 1237371 1237382 1239222 1239299 1239312 1239319 1239320 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-20846 CVE-2018-21010 CVE-2018-5727 CVE-2018-5785 CVE-2018-6616 CVE-2020-15389 CVE-2020-22021 CVE-2020-22021 CVE-2020-22046 CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVE-2020-6851 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 CVE-2022-48434 CVE-2023-44488 CVE-2023-49502 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51794 CVE-2023-51798 CVE-2023-51798 CVE-2023-5217 CVE-2023-6349 CVE-2024-12361 CVE-2024-31578 CVE-2024-32230 CVE-2024-32230 CVE-2024-35368 CVE-2024-36613 CVE-2024-5197 CVE-2024-56826 CVE-2024-7055 CVE-2024-7055 CVE-2025-0518 CVE-2025-2173 CVE-2025-2174 CVE-2025-2175 CVE-2025-2176 CVE-2025-2177 CVE-2025-22919 CVE-2025-22921 CVE-2025-25473 ----------------------------------------------------------------- The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1252-1 Released: Tue Apr 19 08:51:06 2022 Summary: Security update for openjpeg2 Type: security Severity: important References: 1076314,1076967,1079845,1102016,1106881,1106882,1140130,1160782,1162090,1173578,1180457,1184774,1197738,CVE-2018-14423,CVE-2018-16375,CVE-2018-16376,CVE-2018-20845,CVE-2018-5727,CVE-2018-5785,CVE-2018-6616,CVE-2020-15389,CVE-2020-27823,CVE-2020-6851,CVE-2020-8112,CVE-2021-29338,CVE-2022-1122 This update for openjpeg2 fixes the following issues: - CVE-2018-5727: Fixed integer overflow vulnerability in theopj_t1_encode_cblks function (bsc#1076314). - CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds leftshift in the opj_j2k_setup_encoder function (bsc#1076967). - CVE-2018-6616: Fixed excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c (bsc#1079845). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.ci (bsc#1140130). - CVE-2020-6851: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor (bsc#1160782). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3802-1 Released: Thu Oct 27 16:26:44 2022 Summary: Security update for openjpeg2 Type: security Severity: important References: 1140205,1149789,1179594,1179821,1180042,1180043,1180044,1180046,CVE-2018-20846,CVE-2018-21010,CVE-2020-27814,CVE-2020-27824,CVE-2020-27841,CVE-2020-27842,CVE-2020-27843,CVE-2020-27845 This update for openjpeg2 fixes the following issues: - CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789). - CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c (bsc#1179594), - CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821). - CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c (bsc#1180042). - CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043). - CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044). - CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1732-1 Released: Mon Apr 3 11:31:18 2023 Summary: Recommended update for google-noto-sans-cjk-fonts Type: recommended Severity: low References: 1203741 This update for google-noto-sans-cjk-fonts fixes the following issues: - Solved a 'Fails to Build From Source' (FTBFS) issue. (bsc#1203741) - Use '%license' to store OFL license text instead of '%doc' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3480-1 Released: Tue Aug 29 12:08:07 2023 Summary: Recommended update for openjpeg2 Type: recommended Severity: moderate References: 1201799 This update for openjpeg2 fixes the following issues: - Fix openjpeg2-devel to require openjpeg as some cmake targets may fail without the base package installed (bsc#1201799) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3946-1 Released: Tue Oct 3 18:36:26 2023 Summary: Security update for libvpx Type: security Severity: important References: 1215778,CVE-2023-5217 This update for libvpx fixes the following issues: - CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1909-1 Released: Mon Jun 3 17:29:03 2024 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1186586,1223437,CVE-2020-22021,CVE-2023-51794 This update for ffmpeg-4 fixes the following issues: - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586). - CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2409-1 Released: Thu Jul 11 13:55:12 2024 Summary: Security update for libvpx Type: security Severity: important References: 1216879,1225403,1225879,CVE-2023-44488,CVE-2023-6349,CVE-2024-5197 This update for libvpx fixes the following issues: - CVE-2024-5197: Fixed interger overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879). - CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403). - CVE-2023-44488: Fixed heap buffer overflow in vp8 encoding (bsc#1216879). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2864-1 Released: Fri Aug 9 09:21:29 2024 Summary: Security update for ffmpeg-4 Type: security Severity: moderate References: 1223304,1227296,CVE-2023-51798,CVE-2024-32230 This update for ffmpeg-4 fixes the following issues: - CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug in load_input_picture() (bsc#1227296). - CVE-2023-51798: Fixed buffer overflow via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c (bsc#1223304). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3301-1 Released: Wed Sep 18 14:51:39 2024 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1229026,CVE-2024-7055 This update for ffmpeg-4 fixes the following issues: - CVE-2024-7055: Fixed a heap-based buffer overflow in pnmdec. (bsc#1229026) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:44-1 Released: Thu Jan 9 16:04:53 2025 Summary: Security update for openjpeg2 Type: security Severity: moderate References: 1235029,CVE-2024-56826 This update for openjpeg2 fixes the following issues: - CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c (bsc#1235029) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:862-1 Released: Fri Mar 14 09:45:29 2025 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1202848,1215945,1223070,1223235,1223256,1223272,1223304,1223437,1227296,1229026,1229338,1234028,1235092,1236007,1237351,1237358,1237371,1237382,CVE-2023-49502,CVE-2023-50010,CVE-2023-51793,CVE-2023-51794,CVE-2023-51798,CVE-2024-12361,CVE-2024-31578,CVE-2024-32230,CVE-2024-35368,CVE-2024-36613,CVE-2024-7055,CVE-2025-0518,CVE-2025-22919,CVE-2025-22921,CVE-2025-25473 This update for ffmpeg-4 fixes the following issues: - CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382). - CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351). - CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007). - CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371). - CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358). - CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028). - CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092). - CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256). - CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437). - CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272). - CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235). - CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304). - CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070). - CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026). - CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296). Other fixes: - Updated to version 4.4.5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:958-1 Released: Wed Mar 19 17:55:55 2025 Summary: Security update for ffmpeg-4 Type: security Severity: important References: 1186586,1209934,1215309,CVE-2020-22021,CVE-2020-22046,CVE-2022-48434 This update for ffmpeg-4 fixes the following issues: - CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934) - CVE-2020-22021: Fixed Buffer Overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:979-1 Released: Fri Mar 21 13:53:59 2025 Summary: Security update for zvbi Type: security Severity: important References: 1239222,1239299,1239312,1239319,1239320,CVE-2025-2173,CVE-2025-2174,CVE-2025-2175,CVE-2025-2176,CVE-2025-2177 This update for zvbi fixes the following issues: - CVE-2025-2173: Fixed check on src_length to avoid an unitinialized heap read (bsc#1239222). - CVE-2025-2174: Fixed integer overflow leading to heap overflow in src/conv.c, src/io-sim.c, src/search.c (bsc#1239299). - CVE-2025-2175: Fixed integer overflow in _vbi_strndup_iconv (bsc#1239312). - CVE-2025-2176: Fixed integer overflow in function vbi_capture_sim_load_caption in src/io-sim.c (bsc#1239319). - CVE-2025-2177: Fixed integer overflow in function vbi_search_new in src/search.c (bsc#1239320). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:1256-1 Released: Mon Apr 14 17:41:38 2025 Summary: Recommended update for ffmpeg-4 Type: recommended Severity: moderate References: 1219494,1230983 This update for ffmpeg-4 fixes the following issues: - Fixed build against dav1d, which has been updated - No longer build against libmfx; build against libvp (bsc#1230983, bsc#1219494) - Drop libmfx dependency from our product (jira #PED-10024) The following package changes have been done: - libdav1d7-1.4.0-150600.1.2 added - libopenjp2-7-2.3.0-150000.3.18.1 added - libvpx7-1.11.0-150400.3.7.1 added - libzvbi0-0.2.35-150000.4.3.1 added - libavutil56_70-4.4.5-150600.13.22.1 added - libswresample3_9-4.4.5-150600.13.22.1 added - libavcodec58_134-4.4.5-150600.13.22.1 added - noto-sans-tc-regular-fonts-20170403-150200.10.3.1 added - noto-sans-tc-bold-fonts-20170403-150200.10.3.1 added - noto-sans-sc-regular-fonts-20170403-150200.10.3.1 added - noto-sans-sc-bold-fonts-20170403-150200.10.3.1 added - noto-sans-kr-regular-fonts-20170403-150200.10.3.1 added - noto-sans-kr-bold-fonts-20170403-150200.10.3.1 added - noto-sans-jp-regular-fonts-20170403-150200.10.3.1 added - noto-sans-jp-bold-fonts-20170403-150200.10.3.1 added - noto-sans-tc-fonts-20170403-150200.10.3.1 added - noto-sans-sc-fonts-20170403-150200.10.3.1 added - noto-sans-kr-fonts-20170403-150200.10.3.1 added - noto-sans-jp-fonts-20170403-150200.10.3.1 added - noto-sans-cjk-fonts-20170403-150200.10.3.1 added - libavcodec57-3.4.2-150200.11.60.1 removed - libavutil55-3.4.2-150200.11.60.1 removed - libcelt0-2-0.11.3-150000.3.5.1 removed - libopenjpeg1-1.5.2-150000.4.10.1 removed - libswresample2-3.4.2-150200.11.60.1 removed - libva-x11-2-2.20.0-150600.1.3 removed - libvpx4-1.6.1-150000.6.16.1 removed - libxcb-dri3-0-1.13-150000.3.11.1 removed From sle-container-updates at lists.suse.com Sat May 31 07:24:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:24:23 +0200 (CEST) Subject: SUSE-CU-2025:4132-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250531072423.635E7FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4132-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.128 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.128 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-locale-base-2.31-150300.95.1 updated - glibc-locale-2.31-150300.95.1 updated - glibc-2.31-150300.95.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:24:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:24:22 +0200 (CEST) Subject: SUSE-CU-2025:4131-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250531072422.AA70AF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4131-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.127 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.127 Severity : moderate Type : security References : 1242300 1243284 CVE-2025-47268 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1771-1 Released: Fri May 30 12:41:18 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,1243284,CVE-2025-47268 This update for iputils fixes the following issues: Security fixes: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300). Other bug fixes: - Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284). The following package changes have been done: - iputils-s20161105-150000.8.11.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:28:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:28:38 +0200 (CEST) Subject: SUSE-CU-2025:4135-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250531072838.AB7A1F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4135-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.129 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.129 Severity : moderate Type : security References : 1242300 1243284 CVE-2025-47268 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1771-1 Released: Fri May 30 12:41:18 2025 Summary: Security update for iputils Type: security Severity: moderate References: 1242300,1243284,CVE-2025-47268 This update for iputils fixes the following issues: Security fixes: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300). Other bug fixes: - Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284). The following package changes have been done: - iputils-s20161105-150000.8.11.1 updated From sle-container-updates at lists.suse.com Sat May 31 07:28:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 May 2025 09:28:39 +0200 (CEST) Subject: SUSE-CU-2025:4136-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250531072839.5CD98F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:4136-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.130 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.130 Severity : important Type : security References : 1234128 1243317 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:1784-1 Released: Fri May 30 18:09:16 2025 Summary: Security update for glibc Type: security Severity: important References: 1234128,1243317,CVE-2025-4802 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128). The following package changes have been done: - glibc-locale-base-2.31-150300.95.1 updated - glibc-locale-2.31-150300.95.1 updated - glibc-2.31-150300.95.1 updated From sle-container-updates at lists.suse.com Sat May 24 07:04:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 07:04:09 -0000 Subject: SUSE-CU-2025:3656-1: Security update of containers/open-webui Message-ID: <20250524070407.C65C3FCFE@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:3656-1 Container Tags : containers/open-webui:0 , containers/open-webui:0.6.9 , containers/open-webui:0.6.9-10.1 Container Release : 10.1 Severity : important Type : security References : 1199592 1206869 1227554 1227560 1227561 1227562 1227563 1233856 1236250 1236251 1236258 CVE-2024-21538 CVE-2024-22018 CVE-2024-22020 CVE-2024-27980 CVE-2024-36137 CVE-2024-36138 CVE-2024-37372 CVE-2025-22150 CVE-2025-23083 CVE-2025-23085 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1640-1 Released: Tue May 14 14:37:00 2024 Summary: Recommended update for Azure SDK and CLI based on Python 3.11 for SLE-15-SP4 (jsc#PED-8074) Type: recommended Severity: important References: 1199592,1206869 Azure SDK and CLI based on Python 3.11 for SLE-15-SP4 (jsc#PED-8074): Changes in azure-cli: - Add Obsoletes for python3-azure-functions-devops-build package on SLE-15 - Remove azure-cli-command-modules-nspkg from BuildRequires and Requires - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Use primary Python version on Tumbleweed - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - New upstream release + Version 2.58.0 - Use %patch -P N instead of deprecated %patchN. + Version 2.57.0 - Update Requires from setup.py + Version 2.56.0 + Version 2.55.0 + Version 2.54.0 + Version 2.53.1 + Version 2.53.0 + Version 2.52.0 + Version 2.51.0 + Version 2.50.0 + Version 2.49.0 + Version 2.48.1 + Version 2.47.0 + Version 2.46.0 + Version 2.45.0 + Version 2.44.1 + Version 2.44.0 + Version 2.43.0 + Version 2.42.0 + Version 2.41.0 - Rename %exclude az.ps1 to azps.ps1 in %files section + Version 2.40.0 - Add %exclude for newly added az.ps1 in %files section + Version 2.39.0 + Version 2.38.0 + Version 2.37.0 + For detailed information about changes see the HISTORY.rst file provided with this package Changes in azure-cli-core: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Use primary Python version on Tumbleweed + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section + For detailed information about changes see the HISTORY.rst file provided with this package - New upstream release + Version 2.58.0 - Use %autosetup macro. Allows to eliminate the usage of deprecated %patchN. + Version 2.57.0 - Update Requires from setup.py + Version 2.56.0 + Version 2.55.0 + Version 2.54.0 + Version 2.53.1 + Version 2.53.0 + Version 2.52.0 + Version 2.51.0 + Version 2.50.0 + Version 2.49.0 - Add patch to update argcomplete dependency (bsc#1206869) + Version 2.48.1 + Version 2.47.0 + Version 2.46.0 + Version 2.45.0 + Version 2.44.1 + Version 2.44.0 - Drop patches for issues fixed upstream - Relax version dependency for python-packaging + Version 2.43.0 + Version 2.42.0 + Version 2.41.0 + Version 2.40.0 - Refresh patches for new version - Update Requires from setup.py + Version 2.39.0 - Add patch to update argcomplete dependency - Update Requires from setup.py + Version 2.38.0 + Version 2.37.0 Changes in azure-cli-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Use primary Python version on Tumbleweed - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Add missing python-rpm-macros package to BuildRequires Changes in azure-cli-telemetry: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Use primary Python version on Tumbleweed - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section + Version 1.1.0 + For detailed information about changes see the HISTORY.rst file provided with this package - New upstream release + Version 1.0.8 - New upstream release + Version 1.0.7 - Update Requires from setup.py - Add missing python-rpm-macros package to BuildRequires + Version 1.0.6 + For detailed information about changes see the HISTORY.rst file provided with this package Changes in python-adal: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Drop definition of BuildRoot - Limit Python files matched in %files section Changes in python-applicationinsights: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Limit Python files matched in %files section Changes in python-azure-agrifood-farming: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-agrifood-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-ai-anomalydetector: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies + Version 3.0.0b6 - Update Requires from setup.py - New upstream release + Version 3.0.0b5 - Update Requires from setup.py - New upstream release + Version 3.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-ai-contentsafety: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - Initial build + Version 1.0.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-ai-formrecognizer: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 3.3.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 3.3.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 3.3.0 + Version 3.2.1 - Update Requires from setup.py + Version 3.2.0 - Update Requires from setup.py + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-ai-language-conversations: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 - Override upstream version with 1.1.0.0 to ensure proper upgrade from previous version 1.1.0b1 - Update Requires from setup.py + Version 1.1.0b1 - Initial build + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-ai-language-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section Changes in python-azure-ai-language-questionanswering: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b2 - Update Requires from setup.py Changes in python-azure-ai-metricsadvisor: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-ai-ml: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Remove duplicate python-rpm-macros and fdupes from BuildRequires - New upstream release + Version 1.13.0 + Version 1.12.1 + Version 1.12.0 + Version 1.11.1 - Update Requires from setup.py + Version 1.11.0 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ + Version 1.10.1 + Version 1.10.0 + Version 1.8.0 + Version 1.7.2 + Version 1.7.1 + Version 1.7.0 + Version 1.6.0 + Version 1.5.0 + Version 1.4.0 - Update BuildRequires and Requires from setup.py + Version 1.3.0 + Version 1.2.0 + Version 1.1.2 + Version 1.1.1 + Version 1.1.0 - Update Requires from setup.py - Initial build + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-ai-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section Changes in python-azure-ai-textanalytics: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 5.3.0 - Update Requires from setup.py + Version 5.2.1 + Version 5.2.0 - Remove temporary version override - Update Requires from setup.py + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-ai-translation-document: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b6 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-ai-translation-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section Changes in python-azure-ai-translation-text: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-appconfiguration: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-appconfiguration-provider: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - Drop extra LICENSE.txt as upstream now ships its own - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - Initial build + Version 1.0.0 Changes in python-azure-applicationinsights: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-batch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 14.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 14.0.0 - New upstream release + Version 13.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-cognitiveservices-anomalydetector: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-formrecognizer: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-inkrecognizer: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-knowledge-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-cognitiveservices-knowledge-qnamaker: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-language-luis: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-language-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-cognitiveservices-language-spellcheck: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-language-textanalytics: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-cognitiveservices-personalizer: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-search-autosuggest: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-search-customimagesearch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-search-customsearch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-search-entitysearch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-search-imagesearch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-search-newssearch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-search-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-cognitiveservices-search-videosearch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-search-visualsearch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-search-websearch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-vision-computervision: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-vision-contentmoderator: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-vision-customvision: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-vision-face: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-cognitiveservices-vision-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-common: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-communication-administration: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-communication-callautomation: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - Initial build + Version 1.0.0 Changes in python-azure-communication-chat: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py Changes in python-azure-communication-email: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b2 - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-communication-identity: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Drop extra LICENSE.txt as upstream now ships its own - New upstream release + Version 1.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.3.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-communication-jobrouter: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-communication-networktraversal: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.1.0~b1 - Trim Summary to not exceed 79 characters Changes in python-azure-communication-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-communication-phonenumbers: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-communication-rooms: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Initial build + Version 1.0.0b3 Changes in python-azure-communication-sms: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-confidentialledger: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - Update Requires from setup.py Changes in python-azure-containerregistry: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-core: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - New upstream release + Version 1.30.0 + For detailed information about changes see the CHANGELOG.md file provided with this package + Version 1.29.7 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.29.6 + Version 1.29.5 + Version 1.29.4 + Version 1.29.3 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ + Version 1.29.2 + Version 1.29.1 + Version 1.28.0 + Version 1.27.1 + Version 1.27.0 + Version 1.26.4 + Version 1.26.3 + Version 1.26.2 + Version 1.26.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove python-six dependency. All references to this module in the azure-core has been removed. The dependency is still in the requirements, but there's no reference in the code. - New upstream release + Version 1.26.0 - Update Requires from setup.py + Version 1.25.1 + Version 1.25.0 + Version 1.24.2 + Version 1.24.1 + Version 1.24.0 + Version 1.23.1 - Update Requires from setup.py + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-core-experimental: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b3 Changes in python-azure-core-tracing-opencensus: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b9 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-core-tracing-opentelemetry: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b11 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 1.0.0b10 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update BuildRequires and Requires from setup.py Changes in python-azure-cosmos: - Add Obsoletes for predecessor python3 package on SLE-15 - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 4.5.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 4.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.3.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Rename LICENSE.txt to LICENSE in %files section - Update Requires from setup.py Changes in python-azure-data-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-data-tables: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 12.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.4.4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 12.4.3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.4.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.4.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-datalake-store: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 0.0.53 - Update Requires from setup.py - New upstream release + Version 0.0.52 + For detailed information about changes see the HISTORY.rst file provided with this package Changes in python-azure-defender-easm: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop extra LICENSE.txt as upstream now ships its own - Initial build + Version 1.0.0b1 Changes in python-azure-developer-devcenter: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - Drop extra LICENSE.txt as upstream now ships its own - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - Initial build + Version 1.0.0b2 Changes in python-azure-developer-loadtesting: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Initial build + Version 1.0.0b1 Changes in python-azure-devops: - Add Obsoletes for predecessor python3 package on SLE-15 - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop Provides and Obsoletes for predecessor package - Use modern RPM macros to express version dependencies - Disable defunct testsuite - New upstream release + Version 7.1.0b4 + No upstream changelog provided - New upstream release + Version 7.1.0b1 + No upstream changelog provided - New upstream release + Version 7.0.0~git252a276 + No upstream changelog provided - Avoid importing azure namespace from build root during build - Update Requires from setup.py - %check: use %pyunittest rpm macro Changes in python-azure-digitaltwins-core: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-digitaltwins-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-eventgrid: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 4.17.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.16.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.15.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.14.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 4.13.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.11.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.10.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.9.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.9.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.8.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-eventhub: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 5.11.6 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 5.11.5 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 5.11.4 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 5.11.3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 5.11.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 5.11.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 5.11.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 5.10.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 5.10.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 5.9.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-eventhub-checkpointstoreblob: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-eventhub-checkpointstoreblob-aio: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-graphrbac: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-healthinsights-cancerprofiling: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b1.post1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Drop extra LICENSE.txt as upstream now ships its own - Trim Summary to not exceed 79 characters - Initial build + Version 1.0.0b1 Changes in python-azure-healthinsights-clinicalmatching: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b1.post1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Drop extra LICENSE.txt as upstream now ships its own - Trim Summary to not exceed 79 characters - Initial build + Version 1.0.0b1 Changes in python-azure-identity: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.15.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.14.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.14.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.13.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.12.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.11.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override Changes in python-azure-identity-broker: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0 Changes in python-azure-iot-deviceprovisioning: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-iot-deviceupdate: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0 Changes in python-azure-iot-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Initial build + Version 1.0.1 Changes in python-azure-keyvault: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - New upstream release + Version 4.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-keyvault-administration: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 4.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 4.4.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 4.4.0~b2 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 4.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.1.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-keyvault-certificates: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 4.8.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 4.7.0 - New upstream release + Version 4.6.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.5.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-keyvault-keys: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 4.9.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 4.9.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 4.9.0~b3 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 4.8.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - New upstream release + Version 4.8.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 4.8.0~b2 - Update Requires from setup.py - New upstream release + Version 4.7.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.6.1 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-keyvault-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-keyvault-secrets: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 4.8.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 4.7.0 - New upstream release + Version 4.6.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.5.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-loganalytics: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-maps-render: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b2 Changes in python-azure-maps-route: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-media-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-media-videoanalyzer-edge: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-messaging-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-messaging-webpubsubclient: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-messaging-webpubsubservice: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Add additional packages from the Azure SDK to Requires + python-azure-mgmt-appcontainers + python-azure-mgmt-confidentialledger + python-azure-mgmt-dnsresolver + python-azure-mgmt-dynatrace + python-azure-mgmt-nginx + python-azure-mgmt-recoveryservicesdatareplication + python-azure-mgmt-scvmm + python-azure-mgmt-workloads - Remove deprecated packages from the Azure SDK from Requires + python-azure-mgmt-documentdb - Add additional packages from the Azure SDK to Requires + python-azure-mgmt-apicenter + python-azure-mgmt-appcomplianceautomation + python-azure-mgmt-azurearcdata + python-azure-mgmt-containerservicefleet + python-azure-mgmt-cosmosdbforpostgresql + python-azure-mgmt-defendereasm + python-azure-mgmt-desktopvirtualization + python-azure-mgmt-devcenter + python-azure-mgmt-devhub + python-azure-mgmt-education + python-azure-mgmt-elasticsan + python-azure-mgmt-graphservices + python-azure-mgmt-hardwaresecuritymodules + python-azure-mgmt-hybridconnectivity + python-azure-mgmt-hybridcontainerservice + python-azure-mgmt-iotfirmwaredefense + python-azure-mgmt-loadtesting + python-azure-mgmt-managedapplications + python-azure-mgmt-managednetworkfabric + python-azure-mgmt-networkanalytics + python-azure-mgmt-networkcloud + python-azure-mgmt-networkfunction + python-azure-mgmt-newrelicobservability + python-azure-mgmt-paloaltonetworksngfw + python-azure-mgmt-playwrighttesting + python-azure-mgmt-qumulo + python-azure-mgmt-securitydevops + python-azure-mgmt-selfhelp + python-azure-mgmt-servicenetworking + python-azure-mgmt-sphere + python-azure-mgmt-springappdiscovery + python-azure-mgmt-storagemover + python-azure-mgmt-voiceservices + python-azure-mgmt-workloadmonitor - Add additional packages from the Azure SDK to Requires + python-azure-mgmt-dashboard + python-azure-mgmt-securityinsight - Add additional packages from the Azure SDK to Requires + python-azure-mgmt-redisenterprise Changes in python-azure-mgmt-advisor: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-agfood: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-agrifood: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-alertsmanagement: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-apicenter: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-apimanagement: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 4.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-app: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-appcomplianceautomation: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-appconfiguration: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 2.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 2.1.0.0 to ensure proper upgrade from previous version 2.1.0b2 Changes in python-azure-mgmt-appcontainers: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-applicationinsights: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 4.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 3.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-appplatform: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 9.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 8.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 7.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-attestation: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-authorization: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 4.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-automanage: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 1.0.0 - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b2 - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-automation: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-avs: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 8.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 7.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-azureadb2c: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-azurearcdata: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0 Changes in python-azure-mgmt-azurestack: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-azurestackhci: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 7.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 6.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-baremetalinfrastructure: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b2 - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Only build Python3 flavors for distributions 15 and greater Changes in python-azure-mgmt-batch: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - New upstream release + Version 17.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - use proper boolean requires for ranged requirements - New upstream release + Version 17.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 17.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 16.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-batchai: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-billing: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 6.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 6.0.0.0 to ensure proper upgrade from previous version 6.0.0b1 - Update Requires from setup.py Changes in python-azure-mgmt-botservice: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 2.0.0 - Override upstream version with 2.0.0.0 to ensure proper upgrade from previous version 2.0.0b3 - Update Requires from setup.py - New upstream release + Version 2.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - New upstream release + Version 1.0.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Rename HISTORY.rst to CHANGELOG.md in %files section - Rename README.rst to README.md in %files section - Update Requires from setup.py Changes in python-azure-mgmt-cdn: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 13.0.0 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ + Version 12.0.0 - Update Requires from setup.py Changes in python-azure-mgmt-chaos: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b7 - New upstream release + Version 1.0.0b7 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.0.0b6 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b5 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-cognitiveservices: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - update to 13.5.0: * Added operation group ModelsOperations * Added operation group UsagesOperations * Model AccountModel has a new parameter is_default_version * Model AccountModel has a new parameter skus * Model AccountModel has a new parameter source * Model AccountProperties has a new parameter abuse_penalty * Model CommitmentPlanProperties has a new parameter provisioning_issues * Model Deployment has a new parameter sku * Model DeploymentModel has a new parameter source * Model DeploymentProperties has a new parameter rate_limits * Model DeploymentProperties has a new parameter version_upgrade_option * Model UsageListResult has a new parameter next_link - New upstream release + Version 13.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 13.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 13.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-commerce: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-communication: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-compute: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 30.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 30.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 30.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 30.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 30.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 30.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 29.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 29.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 28.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 28.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 27.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 27.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 27.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-confidentialledger: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial release + Version 1.0.0 Changes in python-azure-mgmt-confluent: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py Changes in python-azure-mgmt-connectedvmware: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b3 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-consumption: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 10.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-containerinstance: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 10.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 10.1.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 10.1.0~b1 - Update Requires from setup.py - New upstream release + Version 10.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 9.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-containerregistry: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 10.3.0 + Version 10.2.0 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ + Version 10.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 9.1.0 - New upstream release + Version 9.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py + Version 8.2.0 Changes in python-azure-mgmt-containerservice: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 29.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 29.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 28.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 27.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 26.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 25.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 24.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 23.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 22.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 22.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 21.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 21.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 21.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 20.7.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 20.6.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 20.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 20.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 20.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 20.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 20.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 20.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-containerservicefleet: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-core: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.3.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.3.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-cosmosdb: - Add Obsoletes for predecessor python3 package on SLE-15 - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 9.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 9.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 9.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 9.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 9.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 8.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 7.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 7.0.0.0 to ensure proper upgrade from previous version 7.0.0b6 - Update Requires from setup.py - New upstream release + Version 7.0.0b6 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-cosmosdbforpostgresql: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-costmanagement: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 4.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-customproviders: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-dashboard: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b2 - Update Requires from setup.py - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-databox: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-databoxedge: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-databricks: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-datadog: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py Changes in python-azure-mgmt-datafactory: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 5.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 3.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 2.10.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.9.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 2.8.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 2.8.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.7.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.6.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 2.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 2.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-datalake-analytics: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-datalake-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-mgmt-datalake-store: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-datamigration: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-dataprotection: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b4 - New upstream release + Version 1.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-datashare: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-defendereasm: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-deploymentmanager: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-desktopvirtualization: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - Initial build + Version 1.0.0 Changes in python-azure-mgmt-devcenter: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b4 - Update Requires from setup.py - New upstream release + Version 1.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-devhub: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-deviceupdate: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b4 - Update Requires from setup.py - New upstream release + Version 1.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-devspaces: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-devtestlabs: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-digitaltwins: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 6.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 6.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 6.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-dns: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 8.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 8.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 8.0.0.0 to ensure proper upgrade from previous version 8.0.0b1 - Update Requires from setup.py Changes in python-azure-mgmt-dnsresolver: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0 Changes in python-azure-mgmt-dynatrace: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-edgegateway: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-edgeorder: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-education: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-elastic: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-elasticsan: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b3 - Update Requires from setup.py - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-eventgrid: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 10.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-eventhub: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 11.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-extendedlocation: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-fluidrelay: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - Update Requires from setup.py Changes in python-azure-mgmt-frontdoor: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-graphservices: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-guestconfig: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-hanaonazure: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-hardwaresecuritymodules: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-hdinsight: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-healthcareapis: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-hybridcompute: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 8.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-hybridconnectivity: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0 Changes in python-azure-mgmt-hybridcontainerservice: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-hybridkubernetes: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-hybridnetwork: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py Changes in python-azure-mgmt-imagebuilder: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-iotcentral: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 10.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.0.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-iotfirmwaredefense: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-iothub: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 2.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-iothubprovisioningservices: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-keyvault: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 10.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 10.2.3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 10.2.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 10.2.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-kubernetesconfiguration: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 3.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-kusto: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 3.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 3.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 3.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-labservices: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-loadtesting: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-loadtestservice: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - Update Requires from setup.py Changes in python-azure-mgmt-loganalytics: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 13.0.0b5 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-logic: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 10.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-logz: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-machinelearningcompute: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-machinelearningservices: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-maintenance: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py Changes in python-azure-mgmt-managedapplications: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-managednetworkfabric: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - use proper boolean requires for version ranged requires - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-managedservices: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-managementgroups: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-managementpartner: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-maps: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py Changes in python-azure-mgmt-marketplaceordering: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-media: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 10.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-mixedreality: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-mobilenetwork: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 3.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b3 - Update Requires from setup.py - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-monitor: - Add Obsoletes for predecessor python3 package on SLE-15 - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 6.0.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 6.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 6.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 5.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 5.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-msi: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 7.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Updates Requires from setup.py - New upstream release + Version 6.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Updates Requires from setup.py Changes in python-azure-mgmt-netapp: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 11.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 10.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 9.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 9.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 8.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 8.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-network: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 25.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 25.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 25.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 25.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 24.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 23.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 23.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 23.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 22.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 22.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 22.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 22.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 21.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 21.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 20.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-networkanalytics: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-networkcloud: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-networkfunction: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-newrelicobservability: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-nginx: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 2.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Initial build + Version 1.0.0 Changes in python-azure-mgmt-notificationhubs: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-mgmt-oep: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-orbital: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - Update Requires from setup.py Changes in python-azure-mgmt-paloaltonetworksngfw: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-peering: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-playwrighttesting: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-policyinsights: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 1.1.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.1.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.1.0b2 - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-portal: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - Update Requires from setup.py Changes in python-azure-mgmt-powerbidedicated: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-powerbiembedded: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-privatedns: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-purview: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-quantum: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-qumulo: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-quota: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.1.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.1.0~b3 to enable proper upgrade to the next stable version 1.1.0 - Update Requires from setup.py Changes in python-azure-mgmt-rdbms: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 10.2.0b13 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 10.2.0b12 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 10.2.0b11 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 10.2.0b10 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 10.2.0b9 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 10.2.0b8 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 10.2.0b7 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.2.0b6 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 10.2.0b5 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 10.2.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 10.2.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-recoveryservices: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 2.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 2.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-recoveryservicesbackup: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 9.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 8.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 7.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 6.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 5.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - New upstream release + Version 5.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 5.1.0.0 to ensure proper upgrade from previous version 5.1.0b2 - Update Requires from setup.py - New upstream release + Version 5.1.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 5.1.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-recoveryservicesdatareplication: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-recoveryservicessiterecovery: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - Trim Summary to not exceed 79 characters - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b2 - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-redhatopenshift: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-redis: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 14.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 14.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 14.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 14.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-redisenterprise: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 2.0.0 Changes in python-azure-mgmt-regionmove: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-relay: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-reservations: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 2.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 2.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 2.0.0 - New upstream release + Version 1.0.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-resource: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 23.1.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 23.1.0~b2 - New upstream release + Version 23.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 23.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 22.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 21.2.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 21.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 21.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 21.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-resourceconnector: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b4 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 1.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-resourcegraph: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-resourcehealth: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b5 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 1.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-resourcemover: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 1.1.0 - Override upstream version with 1.1.0.0 to ensure proper upgrade from previous version 1.1.0b3 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 1.1.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.1.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-scheduler: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-scvmm: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-search: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 9.1.0 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 9.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 8.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-security: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 6.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 5.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 2.0.0.0 to ensure proper upgrade from previous version 2.0.0b1 - Update Requires from setup.py Changes in python-azure-mgmt-securitydevops: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b2 Changes in python-azure-mgmt-securityinsight: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b2 - Update Requires from setup.py - Initial build + Version 1.0.0b2 Changes in python-azure-mgmt-selfhelp: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-serialconsole: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - Update Requires from setup.py Changes in python-azure-mgmt-servermanager: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-servicebus: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 8.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 8.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 8.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-servicefabric: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py Changes in python-azure-mgmt-servicefabricmanagedclusters: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Trim Summary to not exceed 79 characters Changes in python-azure-mgmt-servicelinker: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.2.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.2.0~b1 - Update Requires from setup.py Changes in python-azure-mgmt-servicenetworking: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-signalr: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0b1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 2.0.0~b1 - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-mgmt-sphere: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-springappdiscovery: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-sql: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 4.0.0b15 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0b14 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0b13 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0b12 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 4.0.0b11 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0b10 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0b9 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.0.0b8 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0b7 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 4.0.0b6 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.0.0b5 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 4.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-sqlvirtualmachine: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b6 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b5 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-mgmt-storage: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 21.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 21.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 20.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-storagecache: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-storageimportexport: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-storagemover: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 2.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-storagepool: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-storagesync: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-streamanalytics: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-subscription: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 3.1.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 3.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 3.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-support: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-synapse: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies + Version 2.1.0b5 + Version 2.1.0b2 Changes in python-azure-mgmt-testbase: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-timeseriesinsights: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-trafficmanager: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-videoanalyzer: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-vmwarecloudsimple: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mgmt-voiceservices: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mgmt-web: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 7.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 7.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 7.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-webpubsub: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-mgmt-workloadmonitor: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0b4 Changes in python-azure-mgmt-workloads: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b2 - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-mixedreality-authentication: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-mixedreality-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-monitor-ingestion: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.3 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 1.0.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.0.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - New upstream release + Version 1.0.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Override upstream version with 1.0.0.0 to ensure proper upgrade from previous version 1.0.0b1 - Update Requires from setup.py - Initial build + Version 1.0.0b1 Changes in python-azure-monitor-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-monitor-opentelemetry-exporter: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b22 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - Initial build + Version 1.0.0b5 Changes in python-azure-monitor-query: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.2.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.1.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.0.3 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-multiapi-storage: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.2.0 + For detailed information about changes see the README.rst file provided with this package - New upstream release + Version 1.1.0 + For detailed information about changes see the README.rst file provided with this package - Trim Summary to not exceed 79 characters - New upstream release + Version 1.0.0 + For detailed information about changes see the README.rst file provided with this package - New upstream release + Version 0.10.0 + For detailed information about changes see the README.rst file provided with this package Changes in python-azure-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-purview-account: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-purview-administration: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-purview-catalog: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b4 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-purview-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-purview-scanning: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-purview-sharing: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 1.0.0b3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 1.0.0b2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Initial build + Version 1.0.0b1 Changes in python-azure-schemaregistry: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - New upstream release + Version 1.2.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 1.1.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove temporary version override - Update Requires from setup.py Changes in python-azure-schemaregistry-avroencoder: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Initial build + Version 1.0.0 Changes in python-azure-schemaregistry-avroserializer: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-sdk: - Add Obsoletes for python3-azure-functions-devops-build package on SLE-15 - Change version setting of Obsoletes to trigger python3 obsolete properly + binary removal since there was no source version bump - Remove deprecated packages from the Azure SDK from Requires + python-azure-synapse - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Remove deprecated packages from the Azure SDK from Requires + python-azure-monitor - Add additional packages from the Azure SDK to Requires + python-azure-ai-contentsafety + python-azure-ai-ml + python-azure-ai-translation-text + python-azure-appconfiguration-provider + python-azure-communication-callautomation + python-azure-communication-jobrouter + python-azure-communication-rooms + python-azure-core-experimental + python-azure-defender-easm + python-azure-developer-devcenter + python-azure-developer-loadtesting + python-azure-devops + python-azure-healthinsights-cancerprofiling + python-azure-healthinsights-clinicalmatching + python-azure-identity-broker + python-azure-iot-deviceprovisioning + python-azure-maps-render + python-azure-maps-route + python-azure-messaging-webpubsubclient + python-azure-monitor-opentelemetry-exporter + python-azure-purview-sharing + python-azure-schemaregistry-avroencoder - Remove deprecated packages from the Azure SDK from Requires + python-adal + python-azure-functions-devops-build + python-msrestazure + python-pydocumentdb + python-uamqp - Add additional packages from the Azure SDK to Requires + python-azure-ai-language-conversations + python-azure-communication-email + python-azure-iot-deviceupdate + python-azure-iot-nspkg + python-azure-mgmt-appcontainers + python-azure-mgmt-confidentialledger + python-azure-mgmt-dnsresolver + python-azure-mgmt-dynatrace + python-azure-mgmt-nginx + python-azure-mgmt-scvmm + python-azure-mgmt-workloads + python-azure-monitor-ingestion - Remove deprecated packages from the Azure SDK from Requires + python-azure-devops + python-vsts + python-vsts-cd-manager + python-azure-mgmt - Only build Python3 flavors for distributions 15 and greater Changes in python-azure-search-documents: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 11.4.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 11.3.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 11.2.2 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-search-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section Changes in python-azure-security-attestation: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-security-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-servicebus: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 7.11.4 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 7.11.3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 7.11.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 7.11.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 7.11.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 7.10.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 7.9.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 7.8.3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 7.8.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 7.8.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 7.8.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 7.7.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 7.6.1 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-azure-servicefabric: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-servicemanagement-legacy: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-storage-blob: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 12.19.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.18.3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.18.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.18.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 12.17.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - Correct Requires on python-typing_extensions. - New upstream release + Version 12.16.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.15.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.14.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.14.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-storage-common: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-storage-file: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-storage-file-datalake: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 12.14.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.13.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.13.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 12.12.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.11.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.10.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.9.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.9.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.8.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.7.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-storage-file-share: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 12.15.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.14.2 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.14.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.14.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 12.13.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.12.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.11.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.10.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.10.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.9.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.8.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-storage-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section Changes in python-azure-storage-queue: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 12.9.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.8.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.7.3 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.7.1 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 12.7.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - Update Requires from setup.py - New upstream release + Version 12.6.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 12.5.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-synapse-accesscontrol: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop Provides and Obsoletes for predecessor package - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-synapse-artifacts: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop Provides and Obsoletes for predecessor package - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 0.18.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 0.17.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 0.16.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 0.15.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 0.14.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 0.13.0 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py Changes in python-azure-synapse-managedprivateendpoints: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop Provides and Obsoletes for predecessor package - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-synapse-monitoring: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop Provides and Obsoletes for predecessor package - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-synapse-nspkg: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop Provides and Obsoletes for predecessor package - Drop setting default file attributes in %files section Changes in python-azure-synapse-spark: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop Provides and Obsoletes for predecessor package - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies Changes in python-azure-template: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - New upstream release + Version 0.1.0b3511266 + For detailed information about changes see the CHANGELOG.md file provided with this package + Version 0.1.0b3333464 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 0.1.0b3273802 + For detailed information about changes see the CHANGELOG.md file provided with this package - Update Requires from setup.py - New upstream release + Version 0.1.0b3195006 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 0.1.0b3096118 + For detailed information about changes see the CHANGELOG.md file provided with this package - Remove unzip package from BuildRequires - Switch source archive format to TAR.GZ - New upstream release + Version 0.1.0b2840062 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 0.1.0b2675288 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 0.1.0b2609285 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 0.1.0b2089057 + For detailed information about changes see the CHANGELOG.md file provided with this package - Switch source archive format back to ZIP - Re-add unzip to BuildRequires - New upstream release + Version 0.1.0b2006793 + For detailed information about changes see the CHANGELOG.md file provided with this package - Switch source archive format to TAR.GZ - Drop unzip from BuildRequires - New upstream release + Version 0.1.0b1798511 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 0.1.0b1739996 - New upstream release + Version 0.1.0b1519537 + For detailed information about changes see the CHANGELOG.md file provided with this package - New upstream release + Version 0.1.0b1438905 + For detailed information about changes see the CHANGELOG.md file provided with this package Changes in python-msal: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Limit Python files matched in %files section - Update to version 1.26.0 * Do not auto-detect region if app developer does not opt-in to region (#629, #630) * Support Proof-of-Possession (PoP) for Public Client based on broker (#511) - Update to version 1.25.0 + Deprecation: allow_broker will be replaced by enable_broker_on_windows (#613) + Bugfix: Device Code Flow (and Username Password Flow) and its subsequent silent request will automatically bypass broker and succeed. (#569) + Enhancement: acquire_token_interactive() supports running inside Docker + Observability: Successful token response will contain a new token_source field to indicate where the token was obtained from: identity_provider, cache or broker. (#610) - Update to version 1.24.1 + Includes minor adjustments on handling acquire_token_interactive(). The scope of the issue being addressed was limited to a short-lived sign-in attempt. The potential misuse vector complexity was high, therefore it is unlikely to be reproduced in standard usage scenarios; however, out of abundance of caution, this fix is shipped to align ourselves with Microsoft's policy of secure-by-default. - from version 1.24.0 + Enhancement: There may be a new msal_telemetry key available in MSAL's acquire token response, currently observed when broker is enabled. Its content and format are opaque to caller. This telemetry blob allows participating apps to collect them via telemetry, and it may help future troubleshooting. (#575) + Enhancement: A new enable_pii_log parameter is added into ClientApplication constructor. When enabled, the broker component may include PII (Personal Identifiable Information) in logs. This may help troubleshooting. (#568, #590) - Remove temporary version override - Update to version 1.24.0b2 + Experimental: Building on top of 1.24.0b1 and includes some adjustment on handling acquire_token_interactive(). - Update to version 1.24.0b1 + Experimental: Surface MSAL telemetry as a long opaque string (#575). This behavior is useful if your app has your own telemetry mechanism and wants to also collect MSAL's telemetry. - from version 1.23.0 + acquire_token_for_client() will automatically look up tokens from cache (#577) - Override upstream version with 1.24.0~b1 - Update to version 1.22.0 + New feature: Support CIAM authorities in the form of 'tenant.ciamlogin.com/*' (#520) - Update to version 1.21.0 + Support getting an ssh certificate via broker (#515) + Support B2C's usage pattern of using client id as a scope (#505, #530) + MSAL's token cache helper can now be used to store tokens returned by App Service's Managed Identity (#519) + Switch to a new set of regional endpoints (#513) + Test matrix covers Python 3.11 (#512) - Update to version 1.20.0 + New feature: If your app uses MSAL's acquire_token_interactive(), you can now opt in to use broker on Windows platform to achieve Single-Sign-On (SSO) and also obtain more secure tokens, all without switching the log-in experience to a browser. See details in this online doc, and try it out from this sample. (#451, #415) - from version 1.19.0 + New feature: A new ClientApplication(..., instance_discovery=False) parameter to turn off MSAL's Instance Discovery behavior. See more details in its full documentation. Also, ADFS authority will no longer trigger Instance Discovery. (#496) + Enhancement: Use provided authority port when building the tenant discovery endpoint (#484) + Bugfix: Fix a regression in regional endpoint which affects MSAL Python 1.14+ (#485) + Enhancement: Tolerate home_account_id to be None - from version 1.18.0 + New feature: Optional initiate_auth_code_flow(..., response_mode='form_post') to allow the auth code being delivered to your app by form post, which is considered even more secure. (#396, #469) + New feature: acquire_token_interactive(..., prompt='none') can obtain some tokens from within Cloud Shell, without any prompt. (#420) - Update to version 1.18.0b1 + New feature: Optional initiate_auth_code_flow(..., response_mode='form_post') to allow the auth code being delivered to your app by form post, which is considered even more secure. (#396, #469) + New feature: acquire_token_interactive(..., prompt='none') can obtain some tokens from within Cloud Shell, without any prompt. (#420) Changes in python-msal-extensions: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Use modern RPM macros to express version dependencies - Drop support for older Python versions - Limit Python files matched in %files section - Update to version 1.1.0 + Support Python 3.12 by removing dependency on distutils (#120, #123) + Dropping Python 2.7 (#122) - Relax version constraints for python-portalocker in BuildRequires and Requires Changes in python-msrest: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Drop definition of BuildRoot - Drop support for older Python versions - Limit Python files matched in %files section + Version 0.7.1 - Switch source archive format to ZIP - Update Requires from setup.py - New upstream release + Version 0.6.21 + For detailed information about changes see the README.rst file provided with this package Changes in python-msrestazure: - Switch package to modern Python Stack on SLE-15 + Use Python 3.11 on SLE-15 by default + Add Obsoletes for old python3 package on SLE-15 + Drop support for older Python versions - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install + Update name for dist directory in %files section - Drop setting default file attributes in %files section - Use modern RPM macros to express version dependencies - Drop definition of BuildRoot - Limit Python files matched in %files section Changes in python-opencensus-ext-azure: - Add Obsoletes for old python3 package on SLE-15 - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} + Drop build support for Python 2.x - Update to 1.1.6 * Add statusCode and exceptionType to network statsbeat (#1138) - from version 1.1.5 * Allow specifying metrics (custom_measurements) for Azure custom events (#1117) * Shutdown Statsbeat when hitting error/exception threshold (#1127) * Fix failure counting statsbeat - refactor status code logic in transport (#1132) * Use logging handler close instead of custom atexit hook (#1134) - from version 1.1.4 * Statsbeat bug fixes - status codes (#1113) * Statsbeat bug fixes - do not log if statsbeat (#1116) * Add deprecation warning for explicitly using instrumentation key (#1118) - from version 1.1.3 * Hotfix for version number (#1108) - from version 1.1.2 * Statsbeat bug fixes, shorten host in network stats (#1100) * Support statsbeat in EU regions (#1105) - from version 1.1.1 * Fix statsbeats metric names (#1089) * Add AAD statsbeat feature, fix incorrect counting of retry (#1093) - Refresh patches for new version - Update BuildRequires and Requires from setup.py ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2574-1 Released: Mon Jul 22 12:35:14 2024 Summary: Security update for nodejs20 Type: security Severity: moderate References: 1227554,1227560,1227561,1227562,1227563,CVE-2024-22018,CVE-2024-22020,CVE-2024-27980,CVE-2024-36137,CVE-2024-36138,CVE-2024-37372 This update for nodejs20 fixes the following issues: Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560) - CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554) - CVE-2024-22018: Fixed fs.lstat bypasses permission model (bsc#1227562) - CVE-2024-36137: Fixed fs.fchown/fchmod bypasses permission model (bsc#1227561) - CVE-2024-37372: Fixed Permission model improperly processes UNC paths (bsc#1227563) Changes in 20.15.0: - test_runner: support test plans - inspector: introduce the --inspect-wait flag - zlib: expose zlib.crc32() - cli: allow running wasm in limited vmem with --disable-wasm-trap-handler Changes in 20.14.0 - src,permission: throw async errors on async APIs - test_runner: support forced exit Changes in 20.13.1: - buffer: improve base64 and base64url performance - crypto: deprecate implicitly shortened GCM tags - events,doc: mark CustomEvent as stable - fs: add stacktrace to fs/promises - report: add --report-exclude-network option - src: add uv_get_available_memory to report and process - stream: support typed arrays - util: support array of formats in util.styleText - v8: implement v8.queryObjects() for memory leak regression testing - watch: mark as stable ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4286-1 Released: Wed Dec 11 09:30:38 2024 Summary: Security update for nodejs20 Type: security Severity: moderate References: 1233856,CVE-2024-21538 This update for nodejs20 fixes the following issues: - CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856) Other fixes: - Updated to 20.18.1: * Experimental Network Inspection Support in Node.js * Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext * New option for vm.createContext() to create a context with a freezable globalThis * buffer: optimize createFromString - Changes in 20.17.0: * module: support require()ing synchronous ESM graphs * path: add matchesGlob method * stream: expose DuplexPair API - Changes in 20.16.0: * process: add process.getBuiltinModule(id) * inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth * buffer: add .bytes() method to Blob ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:237-1 Released: Fri Jan 24 20:33:34 2025 Summary: Security update for nodejs20 Type: security Severity: important References: 1236250,1236251,1236258,CVE-2025-22150,CVE-2025-23083,CVE-2025-23085 This update for nodejs20 fixes the following issues: Update to 20.18.2: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251) - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250) - CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:895-1 Released: Mon Mar 17 21:35:36 2025 Summary: Recommended update for python-responses Type: recommended Severity: moderate References: This update for python-responses fixes the following issue: - Update to 0.23.3 The following package changes have been done: - python311-azure-nspkg-3.0.2-150400.14.5.1 added - libyaml-0-2-0.2.5-150600.1.1 updated - opencv4-cascades-data-4.11.0-150600.1.9 updated - zstd-1.5.6-150600.1.10 added - python311-xmltodict-0.13.0-150600.1.13 added - python311-typing_extensions-4.13.0-150600.1.1 updated - python311-threadpoolctl-3.5.0-150600.1.13 updated - python311-sentencepiece-0.2.0-150600.1.1 added - python311-rapidocr-onnxruntime-1.4.4-150600.1.1 updated - python311-pypdf-4.3.1-150600.1.14 updated - python311-primp-0.15.0-150600.1.1 updated - python311-peewee-3.17.9-150600.1.1 updated - python311-packaging-24.1-150600.1.12 updated - python311-onnxruntime-1.20.1-150600.1.1 updated - python311-loguru-0.7.3-150600.1.1 added - python311-langsmith-0.3.42-150600.1.1 updated - python311-isodate-0.6.1-150400.12.7.2 added - python311-idna-3.8-150600.1.13 updated - python311-fake-useragent-2.1.0-150600.1.1 updated - python311-einops-0.8.1-150600.1.1 updated - python311-click-8.1.8-150600.1.2 updated - python311-cchardet-2.1.19-150600.1.33 updated - python311-bcrypt-4.3.0-150600.1.1 updated - python311-azure-storage-nspkg-3.1.0-150400.11.5.1 added - python311-azure-common-1.1.28-150400.14.5.1 added - python311-RestrictedPython-8.0-150600.1.4 added - python311-PyYAML-6.0.2-150600.1.1 updated - nodejs-common-6.0-150600.1.5 added - nodejs20-20.18.2-150600.3.9.1 added - python311-pypandoc-1.15-150600.1.1 updated - python311-pyee-12.0.0-150600.1.13 added - python311-Pillow-11.1.0-150600.1.1 updated - python311-wsproto-1.2.0-150400.9.3.9 added - python311-SQLAlchemy-2.0.40-150600.1.1 updated - python311-lxml-5.3.2-150600.1.1 updated - python311-uvicorn-0.34.2-150600.1.1 updated - python311-Werkzeug-3.0.4-150600.1.13 updated - python311-build-1.2.1-150600.1.13 updated - python311-playwright-1.49.1-150600.1.1 added - python311-zstandard-0.22.0-150600.1.12 added - python311-simple-websocket-1.0.0-150600.1.13 added - python311-duckduckgo-search-8.0.1-150600.1.1 updated - python311-Flask-3.0.3-150600.1.13 updated - python311-python-jose-3.4.0-150600.1.1 updated - python311-numpy1-1.26.4-150600.1.40 updated - python311-langchain-core-0.3.59-150600.1.1 updated - python311-black-25.1.0-150600.1.1 updated - python311-sympy-1.13.3-150600.1.1 updated - python311-scipy-1.14.1-150600.1.41 updated - python311-pgvector-0.4.1-150600.1.1 updated - python311-pandas-2.2.3-150600.1.42 updated - python311-langchain-text-splitters-0.3.8-150600.1.1 added - python311-torch-2.7.0-150600.2.1 updated - python311-scikit-learn-1.5.1-150600.1.43 updated - python311-gcp-storage-emulator-2024.8.3-150600.1.10 added - python311-pinecone-6.0.2-150600.1.1 added - python311-elastic-transport-8.17.1-150600.1.1 added - libopencv411-4.11.0-150600.1.9 updated - python311-youtube-transcript-api-1.0.3-150600.1.1 updated - python311-tencentcloud-sdk-python-3.0.1375-150600.1.1 added - python311-responses-0.23.3-150600.11.3.1 added - python311-python-engineio-4.12.0-150600.1.1 updated - python311-msal-1.32.3-150600.1.1 added - python311-firecrawl-py-2.5.4-150600.1.1 added - python311-azure-storage-common-2.1.0-150400.11.5.1 added - python311-azure-core-1.34.0-150600.1.1 added - python311-elasticsearch-9.0.1-150600.1.1 added - python311-environs-11.0.0-150600.1.22 updated - libopencv_objdetect411-4.11.0-150600.1.9 updated - libopencv_imgcodecs411-4.11.0-150600.1.9 updated - python311-python-socketio-5.13.0-150600.1.1 updated - python311-msal-extensions-1.3.1-150600.1.1 added - python311-azure-storage-blob-12.25.1-150600.1.1 added - python311-azure-ai-documentintelligence-1.0.2-150600.1.1 added - python311-langchain-0.3.25-150600.1.1 updated - python311-langchain-community-0.3.23-150600.1.1 updated - libopencv_face411-4.11.0-150600.1.9 updated - libopencv_aruco411-4.11.0-150600.1.9 updated - libopencv_ximgproc411-4.11.0-150600.1.9 updated - python311-azure-identity-1.21.0-150600.1.1 added - python311-google-ai-generativelanguage-0.6.18-150600.1.1 updated - python311-accelerate-0.33.0-150600.1.1 added - libopencv_optflow411-4.11.0-150600.1.9 updated - libopencv_highgui411-4.11.0-150600.1.9 updated - python311-google-generativeai-0.8.5-150600.1.1 updated - python311-moto-5.1.0-150600.1.1 added - libopencv_gapi411-4.11.0-150600.1.9 updated - python311-sentence-transformers-4.1.0-150600.1.1 updated - libopencv_videoio411-4.11.0-150600.1.9 updated - python311-opencv-4.11.0-150600.1.9 updated - python311-open-webui-0.6.9-150600.1.1 updated - python311-Flask-Cors-5.0.0-150600.1.12 removed - python311-aiohttp_cors-0.7.0-150400.9.3.6 removed - python311-h2-4.2.0-150600.1.4 removed - python311-hpack-4.0.0-150400.8.3.9 removed - python311-hyperframe-6.0.1-150400.8.3.9 removed - python311-langchain-text_splitters-0.3.19-150600.1.8 removed - python311-tomli-2.0.1-150400.9.3.9 removed From sle-container-updates at lists.suse.com Sat May 24 07:16:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 07:16:46 -0000 Subject: SUSE-IU-2025:1411-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250524071645.69867F78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1411-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-6.27 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 6.27 Severity : important Type : security References : 1215199 1223809 1224013 1224597 1224757 1228659 1230764 1231103 1232493 1233075 1233098 1235501 1235526 1236086 1236704 1237111 1238212 1238471 1238527 1238714 1238737 1238742 1238745 1238862 1238961 1238983 1239079 1239108 1239470 1239476 1239487 1239510 1239997 1240181 1240557 1240576 1240655 1240709 1240712 1240713 1240717 1240740 1240785 1240802 1240809 1240811 1240835 1240934 1240936 1240944 1241010 1241038 1241051 1241123 1241151 1241167 1241175 1241204 1241250 1241265 1241266 1241280 1241332 1241333 1241341 1241343 1241344 1241347 1241357 1241361 1241369 1241371 1241373 1241378 1241394 1241402 1241412 1241413 1241416 1241424 1241426 1241433 1241436 1241441 1241442 1241443 1241451 1241452 1241456 1241458 1241459 1241526 1241528 1241537 1241541 1241545 1241547 1241548 1241550 1241573 1241574 1241575 1241578 1241590 1241593 1241598 1241599 1241601 1241626 1241640 1241648 1242006 1242044 1242172 1242283 1242307 1242313 1242314 1242315 1242321 1242326 1242327 1242328 1242332 1242333 1242335 1242336 1242342 1242343 1242344 1242345 1242346 1242347 1242348 1242414 1242526 1242528 1242534 1242535 1242536 1242537 1242538 1242539 1242540 1242546 1242556 1242596 1242710 1242778 1242831 1242985 CVE-2023-53034 CVE-2024-27018 CVE-2024-27415 CVE-2024-28956 CVE-2024-35840 CVE-2024-46763 CVE-2024-46865 CVE-2024-50083 CVE-2024-50162 CVE-2024-50163 CVE-2024-56641 CVE-2024-56702 CVE-2024-57924 CVE-2024-57998 CVE-2024-58001 CVE-2024-58068 CVE-2024-58070 CVE-2024-58088 CVE-2024-58093 CVE-2024-58094 CVE-2024-58095 CVE-2024-58096 CVE-2024-58097 CVE-2025-21683 CVE-2025-21696 CVE-2025-21707 CVE-2025-21758 CVE-2025-21768 CVE-2025-21792 CVE-2025-21808 CVE-2025-21812 CVE-2025-21833 CVE-2025-21852 CVE-2025-21853 CVE-2025-21854 CVE-2025-21867 CVE-2025-21904 CVE-2025-21925 CVE-2025-21926 CVE-2025-21931 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21980 CVE-2025-21985 CVE-2025-21999 CVE-2025-22004 CVE-2025-22015 CVE-2025-22016 CVE-2025-22017 CVE-2025-22018 CVE-2025-22020 CVE-2025-22025 CVE-2025-22027 CVE-2025-22029 CVE-2025-22033 CVE-2025-22036 CVE-2025-22044 CVE-2025-22045 CVE-2025-22050 CVE-2025-22053 CVE-2025-22055 CVE-2025-22058 CVE-2025-22060 CVE-2025-22062 CVE-2025-22064 CVE-2025-22065 CVE-2025-22075 CVE-2025-22080 CVE-2025-22086 CVE-2025-22088 CVE-2025-22090 CVE-2025-22093 CVE-2025-22097 CVE-2025-22102 CVE-2025-22104 CVE-2025-22105 CVE-2025-22106 CVE-2025-22107 CVE-2025-22108 CVE-2025-22109 CVE-2025-22115 CVE-2025-22116 CVE-2025-22121 CVE-2025-22128 CVE-2025-23129 CVE-2025-23131 CVE-2025-23133 CVE-2025-23136 CVE-2025-23138 CVE-2025-23145 CVE-2025-37785 CVE-2025-37798 CVE-2025-37799 CVE-2025-37860 CVE-2025-39728 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: kernel-22 Released: Fri May 23 09:19:59 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1215199,1223809,1224013,1224597,1224757,1228659,1230764,1231103,1232493,1233075,1233098,1235501,1235526,1236086,1236704,1237111,1238212,1238471,1238527,1238714,1238737,1238742,1238745,1238862,1238961,1238983,1239079,1239108,1239470,1239476,1239487,1239510,1239997,1240181,1240557,1240576,1240655,1240709,1240712,1240713,1240717,1240740,1240785,1240802,1240809,1240811,1240835,1240934,1240936,1240944,1241010,1241038,1241051,1241123,1241151,1241167,1241175,1241204,1241250,1241265,1241266,1241280,1241332,1241333,1241341,1241343,1241344,1241347,1241357,1241361,1241369,1241371,1241373,1241378,1241394,1241402,1241412,1241413,1241416,1241424,1241426,1241433,1241436,1241441,1241442,1241443,1241451,1241452,1241456,1241458,1241459,1241526,1241528,1241537,1241541,1241545,1241547,1241548,1241550,1241573,1241574,1241575,1241578,1241590,1241593,1241598,1241599,1241601,1241626,1241640,1241648,1242006,1242044,1242172,1242283,1242307,1242313,1242314,1242315,1242321,1242326,1242327,1242328,1 242332,1242333,1242335,1242336,1242342,1242343,1242344,1242345,1242346,1242347,1242348,1242414,1242526,1242528,1242534,1242535,1242536,1242537,1242538,1242539,1242540,1242546,1242556,1242596,1242710,1242778,1242831,1242985,CVE-2023-53034,CVE-2024-27018,CVE-2024-27415,CVE-2024-28956,CVE-2024-35840,CVE-2024-46763,CVE-2024-46865,CVE-2024-50083,CVE-2024-50162,CVE-2024-50163,CVE-2024-56641,CVE-2024-56702,CVE-2024-57924,CVE-2024-57998,CVE-2024-58001,CVE-2024-58068,CVE-2024-58070,CVE-2024-58088,CVE-2024-58093,CVE-2024-58094,CVE-2024-58095,CVE-2024-58096,CVE-2024-58097,CVE-2025-21683,CVE-2025-21696,CVE-2025-21707,CVE-2025-21758,CVE-2025-21768,CVE-2025-21792,CVE-2025-21808,CVE-2025-21812,CVE-2025-21833,CVE-2025-21852,CVE-2025-21853,CVE-2025-21854,CVE-2025-21867,CVE-2025-21904,CVE-2025-21925,CVE-2025-21926,CVE-2025-21931,CVE-2025-21962,CVE-2025-21963,CVE-2025-21964,CVE-2025-21980,CVE-2025-21985,CVE-2025-21999,CVE-2025-22004,CVE-2025-22015,CVE-2025-22016,CVE-2025-22017,CVE-2025-22018,CVE-2025- 22020,CVE-2025-22025,CVE-2025-22027,CVE-2025-22029,CVE-2025-22033,CVE-2025-22036,CVE-2025-22044,CVE-2025-22045,CVE-2025-22050,CVE-2025-22053,CVE-2025-22055,CVE-2025-22058,CVE-2025-22060,CVE-2025-22062,CVE-2025-22064,CVE-2025-22065,CVE-2025-22075,CVE-2025-22080,CVE-2025-22086,CVE-2025-22088,CVE-2025-22090,CVE-2025-22093,CVE-2025-22097,CVE-2025-22102,CVE-2025-22104,CVE-2025-22105,CVE-2025-22106,CVE-2025-22107,CVE-2025-22108,CVE-2025-22109,CVE-2025-22115,CVE-2025-22116,CVE-2025-22121,CVE-2025-22128,CVE-2025-23129,CVE-2025-23131,CVE-2025-23133,CVE-2025-23136,CVE-2025-23138,CVE-2025-23145,CVE-2025-37785,CVE-2025-37798,CVE-2025-37799,CVE-2025-37860,CVE-2025-39728 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - Drop PCI patch that caused a regression (bsc#1241123) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: xpad - fix two controller table values (git-fixes). - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - Revert 'drivers: core: synchronize really_probe() and dev_uevent()' (stable-fixes). - Revert 'drm/meson: vclk: fix calculation of 59.94 fractional rates' (git-fixes). - Revert 'tcp: Fix bind() regression for v6-only wildcard and' - Revert 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc: Do not use --- in kernel logs (git-fixes). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/package-descriptions: Add rt and rt_debug descriptions - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - virtchnl: make proto and filter action count unsigned (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). The following package changes have been done: - pigz-2.8-1.8 added - perl-base-5.38.2-1.52 added - libdw1-0.189-4.143 added - file-5.44-4.151 added - libasm1-0.189-4.143 added - zstd-1.5.5-8.142 added - elfutils-0.189-4.143 added - cpio-2.15-1.3 added - perl-Bootloader-1.8.2-1.1 added - util-linux-systemd-2.39.3-3.1 added - dracut-059+suse.591.ge2ab3f62-1.1 added - kernel-default-base-6.4.0-29.1.21.7 updated From sle-container-updates at lists.suse.com Sat May 24 07:16:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 07:16:09 -0000 Subject: SUSE-IU-2025:1410-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250524071608.66ECCF78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1410-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.4 , suse/sl-micro/6.0/base-os-container:latest Image Release : 7.4 Severity : critical Type : security References : 1010996 1199079 1215199 1223809 1224013 1224597 1224757 1224868 1228659 1229003 1230764 1231103 1232493 1233075 1233098 1234128 1234798 1235501 1235526 1236086 1236704 1237111 1238212 1238471 1238527 1238714 1238737 1238742 1238745 1238862 1238961 1238983 1239079 1239108 1239470 1239476 1239487 1239510 1239883 1239909 1239997 1240009 1240181 1240343 1240557 1240576 1240655 1240709 1240712 1240713 1240717 1240740 1240785 1240802 1240809 1240811 1240835 1240897 1240934 1240936 1240944 1241010 1241020 1241038 1241051 1241078 1241083 1241123 1241151 1241167 1241175 1241204 1241250 1241265 1241266 1241280 1241332 1241333 1241341 1241343 1241344 1241347 1241357 1241361 1241369 1241371 1241373 1241378 1241394 1241402 1241412 1241413 1241416 1241424 1241426 1241433 1241436 1241441 1241442 1241443 1241451 1241452 1241453 1241456 1241458 1241459 1241526 1241528 1241537 1241541 1241545 1241547 1241548 1241550 1241551 1241573 1241574 1241575 1241578 1241590 1241593 1241598 1241599 1241601 1241626 1241640 1241648 1242006 1242044 1242172 1242283 1242307 1242313 1242314 1242315 1242321 1242326 1242327 1242328 1242332 1242333 1242335 1242336 1242342 1242343 1242344 1242345 1242346 1242347 1242348 1242414 1242526 1242528 1242534 1242535 1242536 1242537 1242538 1242539 1242540 1242546 1242556 1242596 1242710 1242778 1242831 1242901 1242985 1243317 441356 CVE-2023-53034 CVE-2024-27018 CVE-2024-27415 CVE-2024-28956 CVE-2024-35840 CVE-2024-46763 CVE-2024-46865 CVE-2024-50083 CVE-2024-50162 CVE-2024-50163 CVE-2024-56406 CVE-2024-56641 CVE-2024-56702 CVE-2024-57924 CVE-2024-57998 CVE-2024-58001 CVE-2024-58068 CVE-2024-58070 CVE-2024-58088 CVE-2024-58093 CVE-2024-58094 CVE-2024-58095 CVE-2024-58096 CVE-2024-58097 CVE-2025-21683 CVE-2025-21696 CVE-2025-21707 CVE-2025-21758 CVE-2025-21768 CVE-2025-21792 CVE-2025-21808 CVE-2025-21812 CVE-2025-21833 CVE-2025-21852 CVE-2025-21853 CVE-2025-21854 CVE-2025-21867 CVE-2025-21904 CVE-2025-21925 CVE-2025-21926 CVE-2025-21931 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21980 CVE-2025-21985 CVE-2025-21999 CVE-2025-22004 CVE-2025-22015 CVE-2025-22016 CVE-2025-22017 CVE-2025-22018 CVE-2025-22020 CVE-2025-22025 CVE-2025-22027 CVE-2025-22029 CVE-2025-22033 CVE-2025-22036 CVE-2025-22044 CVE-2025-22045 CVE-2025-22050 CVE-2025-22053 CVE-2025-22055 CVE-2025-22058 CVE-2025-22060 CVE-2025-22062 CVE-2025-22064 CVE-2025-22065 CVE-2025-22075 CVE-2025-22080 CVE-2025-22086 CVE-2025-22088 CVE-2025-22090 CVE-2025-22093 CVE-2025-22097 CVE-2025-22102 CVE-2025-22104 CVE-2025-22105 CVE-2025-22106 CVE-2025-22107 CVE-2025-22108 CVE-2025-22109 CVE-2025-22115 CVE-2025-22116 CVE-2025-22121 CVE-2025-22128 CVE-2025-23129 CVE-2025-23131 CVE-2025-23133 CVE-2025-23136 CVE-2025-23138 CVE-2025-23145 CVE-2025-2588 CVE-2025-29087 CVE-2025-29088 CVE-2025-32414 CVE-2025-32415 CVE-2025-3360 CVE-2025-37785 CVE-2025-37798 CVE-2025-37799 CVE-2025-37860 CVE-2025-39728 CVE-2025-4802 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 313 Released: Mon May 12 11:36:50 2025 Summary: Recommended update for NetworkManager Type: recommended Severity: important References: 1224868 This update for NetworkManager fixes the following issues: - Add config-server subpackage (bsc#1224868). ----------------------------------------------------------------- Advisory ID: 314 Released: Mon May 12 11:55:56 2025 Summary: Security update for glib2 Type: security Severity: moderate References: 1240897,CVE-2025-3360 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897). ----------------------------------------------------------------- Advisory ID: 324 Released: Fri May 16 11:41:30 2025 Summary: Recommended update for elemental-operator Type: recommended Severity: moderate References: 1242901 This update for elemental-operator fixes the following issues: - Fix questions.yaml default tag - operator: update RBAC for upgrade plans (bsc#1242901) ----------------------------------------------------------------- Advisory ID: 325 Released: Fri May 16 14:45:12 2025 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1241020,1241078,CVE-2025-29087,CVE-2025-29088 This update for sqlite3 fixes the following issues: - Update to release 3.49.1: * Improve portability of makefiles and configure scripts. * CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws() function, introduced in version 3.44.0, that could lead to a memory error if the separator string is very large (hundreds of megabytes). * CVE-2025-29088, bsc#1241078: Enhanced the SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust against misuse. - Update to release 3.49.0: * Enhancements to the query planner: - Improve the query-time index optimization so that it works on WITHOUT ROWID tables. - Better query plans for large star-query joins. This fixes three different performance regressions that were reported on the SQLite Forum. - When two or more queries have the same estimated cost, use the one with the fewer bytes per row. * Enhance the iif() SQL function so that it can accept any number of arguments greater than or equal to two. * Enhance the session extension so that it works on databases that make use of generated columns. * Omit the SQLITE_USE_STDIO_FOR_CONSOLE compile-time option which was not implemented correctly and never worked right. In its place add the SQLITE_USE_W32_FOR_CONSOLE_IO compile-time option. This option applies to command-line tools like the CLI only, not to the SQLite core. It causes Win32 APIs to be used for console I/O instead of stdio. This option affects Windows builds only. * Three new options to sqlite3_db_config(). All default 'on'. SQLITE_DBCONFIG_ENABLE_ATTACH_CREATE SQLITE_DBCONFIG_ENABLE_ATTACH_WRITE SQLITE_DBCONFIG_ENABLE_COMMENTS - Re-enable SONAME which got disabled by default in 3.48.0. * https://www.sqlite.org/src/forumpost/5a3b44f510df8ded * https://sqlite.org/forum/forumpost/ab8f15697a - Update to release 3.48.0: * Improved EXPLAIN QUERY PLAN output for covering indexes. * Allow a two-argument version of the iif() SQL function. * Also allow if() as an alternative spelling for iif(). * Add the '.dbtotxt' command to the CLI. * Add the SQLITE_IOCAP_SUBPAGE_READ property to the xDeviceCharacteristics method of the sqlite3_io_methods object. * Add the SQLITE_PREPARE_DONT_LOG option to sqlite3_prepare_v3() that prevents warning messages being sent to the error log if the SQL is ill-formed. This allows sqlite3_prepare_v3() to be used to do test compiles of SQL to check for validity without polluting the error log with false messages. * Increase the minimum allowed value of SQLITE_LIMIT_LENGTH from 1 to 30. * Added the SQLITE_FCNTL_NULL_IO file control. * Extend the FTS5 auxiliary API xInstToken() to work with prefix queries via the insttoken configuration option and the fts5_insttoken() SQL function. * Increase the maximum number of arguments to an SQL function from 127 to 1000. - Update to release 3.47.2: * Fix a problem in text-to-floating-point conversion that affects text values where the first 16 significant digits are '1844674407370955'. This issue was introduced in 3.47.0 and only arises on x64 and i386 hardware. * Other minor bug fixes. - Enable the session extension, because NodeJS 22 needs it. - Update to release 3.47.1: * Fix the makefiles so that they once again honored DESTDIR for the 'install' target. * Add the SQLITE_IOCAP_SUBPAGE_READ capability to the VFS, to work around issues on some non-standard VFSes caused by making SQLITE_DIRECT_OVERFLOW_READ the default in version 3.45.0. * Fix incorrect answers to certain obscure IN queries caused by new query optimizations added in the 3.47.0 release. * Other minor bug fixes. - Update to release 3.47.0: * Allow arbitrary expressions in the second argument to the RAISE function. * If the RHS of the ->> operator is negative, then access array elements counting from the right. * Fix a problem with rolling back hot journal files in the seldom-used unix-dotfile VFS. * FTS5 tables can now be dropped even if they use a non-standard tokenizer that has not been registered. * Fix the group_concat() aggregate function so that it returns an empty string, not a NULL, if it receives a single input value which is an empty string. * Enhance the generate_series() table-valued function so that it is able to recognize and use constraints on its output value. Preupdate hooks now recognize when a column added by ALTER TABLE ADD COLUMN has a non-null default value. * Improved reuse of subqueries associated with the IN operator, especially when the IN operator has been duplicated due to predicate push-down. * Use a Bloom filter on subqueries on the right-hand side of the IN operator, in cases where that seems likely to improve performance. * Ensure that queries like 'SELECT func(a) FROM tab GROUP BY 1' only invoke the func() function once per row. * No attempt is made to create automatic indexes on a column that is known to be non-selective because of its use in other indexes that have been analyzed. * Adjustments to the query planner so that it produces better plans for star queries with a large number of dimension tables. * Add the 'order-by-subquery' optimization, that seeks to disable sort operations in outer queries if the desired order is obtained naturally due to ORDER BY clauses in subqueries. * The 'indexed-subtype-expr' optimization strives to use expressions that are part of an index rather than recomputing the expression based on table values, as long as the query planner can prove that the subtype of the expression will never be used. * Miscellaneous coding tweaks for faster runtimes. * Add the experimental sqlite3_rsync program. * Add extension functions median(), percentile(), percentile_cont(), and percentile_disc() to the CLI. * Add the .www dot-command to the CLI. * The sqlite3_analyzer utility now provides a break-out of statistics for WITHOUT ROWID tables. * The sqldiff utility avoids creating an empty database if its second argument does not exist. * Enhance the sqlite_dbpage table-valued function such that INSERT can be used to increase or decrease the size of the database file. * SQLite no longer makes any use of the 'long double' data type, as hardware support for long double is becoming less common and long double creates challenges for some compiler tool chains. Instead, SQLite uses Dekker's algorithm when extended precision is needed. * The TCL Interface for SQLite supports TCL9. Everything probably still works for TCL 8.5 and later, though this is not guaranteed. Users are encouraged to upgrade to TCL9. * Fix a corruption-causing bug in the JavaScript 'opfs' VFS. Correct 'mode=ro' handling for the 'opfs' VFS. Work around a couple of browser-specific OPFS quirks. * Add the fts5_tokenizer_v2 API and the locale=1 option, for creating custom locale-aware tokenizers and fts5 tables that may take advantage of them. * Add the contentless_unindexed=1 option, for creating contentless fts5 tables that store the values of any UNINDEXED columns persistently in the database. * Allow an FTS5 table to be dropped even if it uses a custom tokenizer whose implementation is not available. - Update to release 3.46.1: * Improved robustness while parsing the tokenize= arguments in FTS5. * Enhancements to covering index prediction in the query planner. * Do not let the number of terms on a VALUES clause be limited by SQLITE_LIMIT_COMPOUND_SELECT, even if the VALUES clause contains elements that appear to be variables due to double-quoted string literals. * Fix the window function version of group_concat() so that it returns an empty string if it has one or more empty string inputs. * In FTS5 secure-delete mode, fix false-positive integrity-check reports about corrupt indexes. * Syntax errors in ALTER TABLE should always return SQLITE_ERROR. In some cases, they were formerly returning SQLITE_INTERNAL. * Other minor fixes. - Update to release 3.46.0: * https://sqlite.org/releaselog/3_46_0.html * Enhance PRAGMA optimize in multiple ways. * Enhancements to the date and time functions. * Add support for underscore ('_') characters between digits in numeric literals. * Add the json_pretty() SQL function. * Query planner improvements. * Allocate additional memory from the heap for the SQL parser stack if that stack overflows, rather than reporting a 'parser stack overflow' error. * Allow ASCII control characters within JSON5 string literals. * Fix the -> and ->> JSON operators so that when the right-hand side operand is a string that looks like an integer it is still treated as a string, because that is what PostgreSQL does. - Update to release 3.45.3: * Fix a long-standing bug (going back to version 3.24.0) that might (rarely) cause the 'old.*' values of an UPDATE trigger to be incorrect if that trigger fires in response to an UPSERT. * Reduce the scope of the NOT NULL strength reduction optimization that was added as item 8e in version 3.35.0. The optimization was being attempted in some contexts where it did not work, resulting in incorrect query results. - Add SQLITE_STRICT_SUBTYPE=1 as recommended by upstream. - Update to release 3.45.2: * Added the SQLITE_RESULT_SUBTYPE property for application- defined SQL functions. * Enhancements to the JSON SQL functions * Add the FTS5 tokendata option to the FTS5 virtual table. * The SQLITE_DIRECT_OVERFLOW_READ optimization is now enabled by default. * Query planner improvements * Increase the default value for SQLITE_MAX_PAGE_COUNT from 1073741824 to 4294967294. * Enhancements to the CLI * Restore the JSON BLOB input bug, and promise to support the anomaly in subsequent releases, for backward compatibility. * Fix the PRAGMA integrity_check command so that it works on read-only databases that contain FTS3 and FTS5 tables. * Fix issues associated with processing corrupt JSONB inputs. * Fix a long-standing bug in which a read of a few bytes past the end of a memory-mapped segment might occur when accessing a craftily corrupted database using memory-mapped database. * Fix a long-standing bug in which a NULL pointer dereference might occur in the bytecode engine due to incorrect bytecode being generated for a class of SQL statements that are deliberately designed to stress the query planner but which are otherwise pointless. * Fix an error in UPSERT, introduced in version 3.35.0. * Reduce the scope of the NOT NULL strength reduction optimization that was added in version 3.35.0. ----------------------------------------------------------------- Advisory ID: 328 Released: Wed May 21 13:04:20 2025 Summary: Security update for glibc Type: security Severity: critical References: 1234128,1239883,1243317,CVE-2025-4802 This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) ----------------------------------------------------------------- Advisory ID: 329 Released: Wed May 21 13:23:02 2025 Summary: Security update for libxml2 Type: security Severity: moderate References: 1241453,1241551,CVE-2025-32414,CVE-2025-32415 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed out-of-bounds read when parsing text via the Python API (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read (bsc#1241453) ----------------------------------------------------------------- Advisory ID: 330 Released: Wed May 21 17:37:32 2025 Summary: Security update for perl Type: security Severity: important References: 1241083,CVE-2024-56406 This update for perl fixes the following issues: - CVE-2024-56406: Fixed heap buffer overflow with tr// [bsc#1241083] ----------------------------------------------------------------- Advisory ID: 331 Released: Wed May 21 17:40:23 2025 Summary: Security update for ca-certificates-mozilla Type: security Severity: moderate References: 1010996,1199079,1229003,1234798,1240009,1240343,441356 This update for ca-certificates-mozilla fixes the following issues: - test for a concretely missing certificate rather than just the directory, as the latter is now also provided by openssl-3 - Re-create java-cacerts with SOURCE_DATE_EPOCH set for reproducible builds (bsc#1229003) - explicit remove distrusted certs, as the distrust does not get exported correctly and the SSL certs are still trusted. (bsc#1240343) - Entrust.net Premium 2048 Secure Server CA - Entrust Root Certification Authority - AffirmTrust Commercial - AffirmTrust Networking - AffirmTrust Premium - AffirmTrust Premium ECC - Entrust Root Certification Authority - G2 - Entrust Root Certification Authority - EC1 - GlobalSign Root E46 - GLOBALTRUST 2020 - pass file argument to awk (bsc#1240009) - update to 2.74 state of Mozilla SSL root CAs: Removed: * SwissSign Silver CA - G2 Added: * D-TRUST BR Root CA 2 2023 * D-TRUST EV Root CA 2 2023 - remove extensive signature printing in comments of the cert bundle - Define two macros to break a build cycle with p11-kit. - Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798) Removed: - SecureSign RootCA11 - Security Communication RootCA3 Added: - TWCA CYBER Root CA - TWCA Global Root CA G2 - SecureSign Root CA12 - SecureSign Root CA14 - SecureSign Root CA15 ----------------------------------------------------------------- Advisory ID: kernel-22 Released: Fri May 23 09:19:59 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1215199,1223809,1224013,1224597,1224757,1228659,1230764,1231103,1232493,1233075,1233098,1235501,1235526,1236086,1236704,1237111,1238212,1238471,1238527,1238714,1238737,1238742,1238745,1238862,1238961,1238983,1239079,1239108,1239470,1239476,1239487,1239510,1239997,1240181,1240557,1240576,1240655,1240709,1240712,1240713,1240717,1240740,1240785,1240802,1240809,1240811,1240835,1240934,1240936,1240944,1241010,1241038,1241051,1241123,1241151,1241167,1241175,1241204,1241250,1241265,1241266,1241280,1241332,1241333,1241341,1241343,1241344,1241347,1241357,1241361,1241369,1241371,1241373,1241378,1241394,1241402,1241412,1241413,1241416,1241424,1241426,1241433,1241436,1241441,1241442,1241443,1241451,1241452,1241456,1241458,1241459,1241526,1241528,1241537,1241541,1241545,1241547,1241548,1241550,1241573,1241574,1241575,1241578,1241590,1241593,1241598,1241599,1241601,1241626,1241640,1241648,1242006,1242044,1242172,1242283,1242307,1242313,1242314,1242315,1242321,1242326,1242327,1242328,1 242332,1242333,1242335,1242336,1242342,1242343,1242344,1242345,1242346,1242347,1242348,1242414,1242526,1242528,1242534,1242535,1242536,1242537,1242538,1242539,1242540,1242546,1242556,1242596,1242710,1242778,1242831,1242985,CVE-2023-53034,CVE-2024-27018,CVE-2024-27415,CVE-2024-28956,CVE-2024-35840,CVE-2024-46763,CVE-2024-46865,CVE-2024-50083,CVE-2024-50162,CVE-2024-50163,CVE-2024-56641,CVE-2024-56702,CVE-2024-57924,CVE-2024-57998,CVE-2024-58001,CVE-2024-58068,CVE-2024-58070,CVE-2024-58088,CVE-2024-58093,CVE-2024-58094,CVE-2024-58095,CVE-2024-58096,CVE-2024-58097,CVE-2025-21683,CVE-2025-21696,CVE-2025-21707,CVE-2025-21758,CVE-2025-21768,CVE-2025-21792,CVE-2025-21808,CVE-2025-21812,CVE-2025-21833,CVE-2025-21852,CVE-2025-21853,CVE-2025-21854,CVE-2025-21867,CVE-2025-21904,CVE-2025-21925,CVE-2025-21926,CVE-2025-21931,CVE-2025-21962,CVE-2025-21963,CVE-2025-21964,CVE-2025-21980,CVE-2025-21985,CVE-2025-21999,CVE-2025-22004,CVE-2025-22015,CVE-2025-22016,CVE-2025-22017,CVE-2025-22018,CVE-2025- 22020,CVE-2025-22025,CVE-2025-22027,CVE-2025-22029,CVE-2025-22033,CVE-2025-22036,CVE-2025-22044,CVE-2025-22045,CVE-2025-22050,CVE-2025-22053,CVE-2025-22055,CVE-2025-22058,CVE-2025-22060,CVE-2025-22062,CVE-2025-22064,CVE-2025-22065,CVE-2025-22075,CVE-2025-22080,CVE-2025-22086,CVE-2025-22088,CVE-2025-22090,CVE-2025-22093,CVE-2025-22097,CVE-2025-22102,CVE-2025-22104,CVE-2025-22105,CVE-2025-22106,CVE-2025-22107,CVE-2025-22108,CVE-2025-22109,CVE-2025-22115,CVE-2025-22116,CVE-2025-22121,CVE-2025-22128,CVE-2025-23129,CVE-2025-23131,CVE-2025-23133,CVE-2025-23136,CVE-2025-23138,CVE-2025-23145,CVE-2025-37785,CVE-2025-37798,CVE-2025-37799,CVE-2025-37860,CVE-2025-39728 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - Drop PCI patch that caused a regression (bsc#1241123) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: xpad - fix two controller table values (git-fixes). - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - Revert 'drivers: core: synchronize really_probe() and dev_uevent()' (stable-fixes). - Revert 'drm/meson: vclk: fix calculation of 59.94 fractional rates' (git-fixes). - Revert 'tcp: Fix bind() regression for v6-only wildcard and' - Revert 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc: Do not use --- in kernel logs (git-fixes). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/package-descriptions: Add rt and rt_debug descriptions - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - virtchnl: make proto and filter action count unsigned (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). ----------------------------------------------------------------- Advisory ID: 337 Released: Fri May 23 15:00:13 2025 Summary: Security update for augeas Type: security Severity: moderate References: 1239909,CVE-2025-2588 This update for augeas fixes the following issues: - CVE-2025-2588: Fixed check for NULL pointers when calling re_case_expand in function fa_expand_nocase (bsc#1239909) The following package changes have been done: - glibc-2.38-9.1 updated - libxml2-2-2.11.6-8.1 updated - perl-base-5.38.2-2.1 updated - SL-Micro-release-6.0-25.28 updated - kernel-default-6.4.0-29.1 updated - libglib-2_0-0-2.76.2-7.1 updated - libsqlite3-0-3.49.1-1.1 updated - libgobject-2_0-0-2.76.2-7.1 updated - libgmodule-2_0-0-2.76.2-7.1 updated - ca-certificates-mozilla-2.74-1.1 updated - libgio-2_0-0-2.76.2-7.1 updated - glib2-tools-2.76.2-7.1 updated - libnm0-1.42.6-6.1 updated - NetworkManager-1.42.6-6.1 updated - elemental-register-1.6.9-1.1 updated - elemental-support-1.6.9-1.1 updated - glibc-locale-base-2.38-9.1 updated - libfa1-1.14.1-2.1 updated - libaugeas0-1.14.1-2.1 updated - container:suse-toolbox-image-1.0.0-8.7 updated From sle-container-updates at lists.suse.com Sat May 24 07:19:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 24 May 2025 07:19:28 -0000 Subject: SUSE-IU-2025:1415-1: Security update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250524071927.AF473F78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:1415-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-4.37 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 4.37 Severity : critical Type : security References : 1215199 1217885 1223809 1224013 1224597 1224757 1228086 1228659 1230764 1231103 1231476 1231792 1232063 1232493 1233075 1233098 1235501 1235526 1236086 1236704 1236982 1237111 1237695 1238212 1238471 1238527 1238714 1238737 1238742 1238745 1238862 1238961 1238983 1239079 1239108 1239470 1239476 1239487 1239510 1239632 1239997 1240181 1240557 1240576 1240655 1240709 1240712 1240713 1240717 1240740 1240785 1240802 1240809 1240811 1240835 1240919 1240934 1240936 1240944 1241010 1241038 1241051 1241123 1241151 1241167 1241175 1241204 1241250 1241265 1241266 1241280 1241332 1241333 1241341 1241343 1241344 1241347 1241357 1241361 1241369 1241371 1241373 1241378 1241394 1241402 1241412 1241413 1241416 1241424 1241426 1241433 1241436 1241441 1241442 1241443 1241451 1241452 1241456 1241458 1241459 1241526 1241528 1241537 1241541 1241545 1241547 1241548 1241550 1241573 1241574 1241575 1241578 1241590 1241593 1241598 1241599 1241601 1241626 1241640 1241648 1242006 1242044 1242172 1242283 1242307 1242313 1242314 1242315 1242321 1242326 1242327 1242328 1242332 1242333 1242335 1242336 1242342 1242343 1242344 1242345 1242346 1242347 1242348 1242414 1242526 1242528 1242534 1242535 1242536 1242537 1242538 1242539 1242540 1242546 1242556 1242596 1242710 1242778 1242831 1242985 CVE-2023-53034 CVE-2024-27018 CVE-2024-27415 CVE-2024-28956 CVE-2024-35840 CVE-2024-46763 CVE-2024-46865 CVE-2024-50083 CVE-2024-50162 CVE-2024-50163 CVE-2024-56641 CVE-2024-56702 CVE-2024-57924 CVE-2024-57998 CVE-2024-58001 CVE-2024-58068 CVE-2024-58070 CVE-2024-58088 CVE-2024-58093 CVE-2024-58094 CVE-2024-58095 CVE-2024-58096 CVE-2024-58097 CVE-2024-9781 CVE-2025-21683 CVE-2025-21696 CVE-2025-21707 CVE-2025-21758 CVE-2025-21768 CVE-2025-21792 CVE-2025-21808 CVE-2025-21812 CVE-2025-21833 CVE-2025-21852 CVE-2025-21853 CVE-2025-21854 CVE-2025-21867 CVE-2025-21904 CVE-2025-21925 CVE-2025-21926 CVE-2025-21931 CVE-2025-21962 CVE-2025-21963 CVE-2025-21964 CVE-2025-21980 CVE-2025-21985 CVE-2025-21999 CVE-2025-22004 CVE-2025-22015 CVE-2025-22016 CVE-2025-22017 CVE-2025-22018 CVE-2025-22020 CVE-2025-22025 CVE-2025-22027 CVE-2025-22029 CVE-2025-22033 CVE-2025-22036 CVE-2025-22044 CVE-2025-22045 CVE-2025-22050 CVE-2025-22053 CVE-2025-22055 CVE-2025-22058 CVE-2025-22060 CVE-2025-22062 CVE-2025-22064 CVE-2025-22065 CVE-2025-22075 CVE-2025-22080 CVE-2025-22086 CVE-2025-22088 CVE-2025-22090 CVE-2025-22093 CVE-2025-22097 CVE-2025-22102 CVE-2025-22104 CVE-2025-22105 CVE-2025-22106 CVE-2025-22107 CVE-2025-22108 CVE-2025-22109 CVE-2025-22115 CVE-2025-22116 CVE-2025-22121 CVE-2025-22128 CVE-2025-23129 CVE-2025-23131 CVE-2025-23133 CVE-2025-23136 CVE-2025-23138 CVE-2025-23145 CVE-2025-37785 CVE-2025-37798 CVE-2025-37799 CVE-2025-37860 CVE-2025-39728 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 98 Released: Mon May 12 11:09:06 2025 Summary: Recommended update for dracut Type: recommended Severity: critical References: 1217885,1228086,1231476,1231792,1232063,1236982,1237695,1239632,1240919,CVE-2024-9781 This update for dracut fixes the following issues: Update to version 059+suse.631.ga638ed12: * fix(dmsquash-live): do not check ISO md5 if image filesystem (bsc#1240919) * fix(nfs): set correct ownership of rpc.statd state directories (bsc#1217885) * perf(nfs): remove references to old rpcbind state dir * fix(nfs): libnfsidmap plugins not added in some distributions * fix(dracut.spec): move znet to the main package (bsc#1239632) Update to version 059+suse.623.gf9a73df5: * fix(iscsi): make sure services are shut down when switching root (bsc#1237695) * fix(iscsi): don't require network setup for qedi * fix(network-legacy): do not require pgrep when using wicked (bsc#1236982) Update to version 059+suse.617.gb2c1d974: Fixes for booting from iSCSI offload with bnx2i (bsc#1228086): * fix(iscsi): attempt iSCSI login before all interfaces are up * fix(iscsi): don't require network setup for bnx2i Other: * fix(dracut): rework timeout for devices added via --mount and --add-device (bsc#1231792) Update to version 059+suse.610.g850d981a: * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063) ----------------------------------------------------------------- Advisory ID: kernel-22 Released: Fri May 23 09:19:59 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1215199,1223809,1224013,1224597,1224757,1228659,1230764,1231103,1232493,1233075,1233098,1235501,1235526,1236086,1236704,1237111,1238212,1238471,1238527,1238714,1238737,1238742,1238745,1238862,1238961,1238983,1239079,1239108,1239470,1239476,1239487,1239510,1239997,1240181,1240557,1240576,1240655,1240709,1240712,1240713,1240717,1240740,1240785,1240802,1240809,1240811,1240835,1240934,1240936,1240944,1241010,1241038,1241051,1241123,1241151,1241167,1241175,1241204,1241250,1241265,1241266,1241280,1241332,1241333,1241341,1241343,1241344,1241347,1241357,1241361,1241369,1241371,1241373,1241378,1241394,1241402,1241412,1241413,1241416,1241424,1241426,1241433,1241436,1241441,1241442,1241443,1241451,1241452,1241456,1241458,1241459,1241526,1241528,1241537,1241541,1241545,1241547,1241548,1241550,1241573,1241574,1241575,1241578,1241590,1241593,1241598,1241599,1241601,1241626,1241640,1241648,1242006,1242044,1242172,1242283,1242307,1242313,1242314,1242315,1242321,1242326,1242327,1242328,1 242332,1242333,1242335,1242336,1242342,1242343,1242344,1242345,1242346,1242347,1242348,1242414,1242526,1242528,1242534,1242535,1242536,1242537,1242538,1242539,1242540,1242546,1242556,1242596,1242710,1242778,1242831,1242985,CVE-2023-53034,CVE-2024-27018,CVE-2024-27415,CVE-2024-28956,CVE-2024-35840,CVE-2024-46763,CVE-2024-46865,CVE-2024-50083,CVE-2024-50162,CVE-2024-50163,CVE-2024-56641,CVE-2024-56702,CVE-2024-57924,CVE-2024-57998,CVE-2024-58001,CVE-2024-58068,CVE-2024-58070,CVE-2024-58088,CVE-2024-58093,CVE-2024-58094,CVE-2024-58095,CVE-2024-58096,CVE-2024-58097,CVE-2025-21683,CVE-2025-21696,CVE-2025-21707,CVE-2025-21758,CVE-2025-21768,CVE-2025-21792,CVE-2025-21808,CVE-2025-21812,CVE-2025-21833,CVE-2025-21852,CVE-2025-21853,CVE-2025-21854,CVE-2025-21867,CVE-2025-21904,CVE-2025-21925,CVE-2025-21926,CVE-2025-21931,CVE-2025-21962,CVE-2025-21963,CVE-2025-21964,CVE-2025-21980,CVE-2025-21985,CVE-2025-21999,CVE-2025-22004,CVE-2025-22015,CVE-2025-22016,CVE-2025-22017,CVE-2025-22018,CVE-2025- 22020,CVE-2025-22025,CVE-2025-22027,CVE-2025-22029,CVE-2025-22033,CVE-2025-22036,CVE-2025-22044,CVE-2025-22045,CVE-2025-22050,CVE-2025-22053,CVE-2025-22055,CVE-2025-22058,CVE-2025-22060,CVE-2025-22062,CVE-2025-22064,CVE-2025-22065,CVE-2025-22075,CVE-2025-22080,CVE-2025-22086,CVE-2025-22088,CVE-2025-22090,CVE-2025-22093,CVE-2025-22097,CVE-2025-22102,CVE-2025-22104,CVE-2025-22105,CVE-2025-22106,CVE-2025-22107,CVE-2025-22108,CVE-2025-22109,CVE-2025-22115,CVE-2025-22116,CVE-2025-22121,CVE-2025-22128,CVE-2025-23129,CVE-2025-23131,CVE-2025-23133,CVE-2025-23136,CVE-2025-23138,CVE-2025-23145,CVE-2025-37785,CVE-2025-37798,CVE-2025-37799,CVE-2025-37860,CVE-2025-39728 The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - Drop PCI patch that caused a regression (bsc#1241123) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: xpad - fix two controller table values (git-fixes). - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - Revert 'drivers: core: synchronize really_probe() and dev_uevent()' (stable-fixes). - Revert 'drm/meson: vclk: fix calculation of 59.94 fractional rates' (git-fixes). - Revert 'tcp: Fix bind() regression for v6-only wildcard and' - Revert 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc: Do not use --- in kernel logs (git-fixes). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/package-descriptions: Add rt and rt_debug descriptions - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - virtchnl: make proto and filter action count unsigned (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). The following package changes have been done: - file-magic-5.44-slfo.1.1_1.4 added - pigz-2.8-slfo.1.1_1.2 added - libmagic1-5.44-slfo.1.1_1.4 added - libdw1-0.189-slfo.1.1_1.5 added - file-5.44-slfo.1.1_1.4 added - libasm1-0.189-slfo.1.1_1.5 added - zstd-1.5.5-slfo.1.1_1.4 added - elfutils-0.189-slfo.1.1_1.5 added - cpio-2.15-slfo.1.1_2.4 added - perl-Bootloader-1.13.0-slfo.1.1_1.2 added - util-linux-systemd-2.40.4-slfo.1.1_1.1 added - dracut-059+suse.631.ga638ed12-slfo.1.1_1.1 added - kernel-default-base-6.4.0-29.1.21.7 updated