SUSE-CU-2025:3193-1: Security update of containers/pytorch

sle-container-updates at lists.suse.com
Wed May 7 07:04:22 UTC 2025


SUSE Container Update Advisory: containers/pytorch
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:3193-1
Container Tags        : containers/pytorch:2-nvidia , containers/pytorch:2.5.0-nvidia , containers/pytorch:2.5.0-nvidia-1.34
Container Release     : 1.34
Severity              : important
Type                  : security
References            : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 1227637
                        1233307 1234015 1234128 1234713 1236165 1236643 1236886 1237374
                        1237606 1238450 1238610 1239210 1239618 1239883 1240414 1241453
                        1241551 CVE-2024-11168 CVE-2024-8176 CVE-2025-1632 CVE-2025-1795
                        CVE-2025-25724 CVE-2025-31115 CVE-2025-32414 CVE-2025-32415 
-----------------------------------------------------------------

The container containers/pytorch was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:915-1
Released:    Wed Mar 19 08:04:05 2025
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1220893,1220895,1220896,1225936,1225939,1225941,1225942
This update for libgcrypt fixes the following issues:

- FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
- FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
- FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
- FIPS: Disallow rsa < 2048 [bsc#1225941]
  * Mark RSA operations with keysize < 2048 as non-approved in the SLI
- FIPS: Service level indicator for libgcrypt [bsc#1225939]
- FIPS: Consider deprecate sha1 [bsc#1225942]
  * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will
    transition at the end of 2030. Mark SHA1 as non-approved in SLI.
- FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
  * cipher: Do not run RSA encryption selftest by default
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
  for the whole length entropy buffer in FIPS mode. [bsc#1220893]
- FIPS: Set the FSM into error state if Jitter RNG is returning an
  error code to the caller when a health test error occurs when
  random bytes are requested through the jent_read_entropy_safe()
  function. [bsc#1220895]
- FIPS: Replace the built-in jitter rng with standalone version
  * Remove the internal jitterentropy copy [bsc#1220896]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:969-1
Released:    Thu Mar 20 14:28:47 2025
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  1227637,1236165
This update for crypto-policies fixes the following issues:

- Fix fips-mode-setup in EFI or Secure Boot mode (bsc#1227637).
- tolerate fips dracut module presence w/o FIPS
  * Fixes the 'Inconsistent state detected' warning when disabling the FIPS mode
    (bsc#1236165).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:982-1
Released:    Fri Mar 21 15:17:03 2025
Summary:     Security update for python311
Type:        security
Severity:    low
References:  1238450,1239210,CVE-2025-1795
This update for python311 fixes the following issues:

- CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450).
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:985-1
Released:    Fri Mar 21 18:45:14 2025
Summary:     Security update for libarchive
Type:        security
Severity:    moderate
References:  1237606,1238610,CVE-2025-1632,CVE-2025-25724
This update for libarchive fixes the following issues:

- CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606)
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1016-1
Released:    Tue Mar 25 15:59:05 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    important
References:  1234015,1236643,1236886
This update for systemd fixes the following issues:

- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- journald: close runtime journals before their parent directory is removed
- journald: reset runtime seqnum data when flushing to system journal (bsc#1236886)
- Move systemd-userwork from the experimental sub-package to the main package (bsc#1236643)
  It is likely an oversight from when systemd-userdb was migrated from the
  experimental package to the main one.
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1056-1
Released:    Fri Mar 28 18:06:22 2025
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1233307,CVE-2024-11168
This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1137-1
Released:    Thu Apr  3 17:11:02 2025
Summary:     Security update for xz
Type:        security
Severity:    important
References:  1240414,CVE-2025-31115
This update for xz fixes the following issues:

- CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1198-1
Released:    Fri Apr 11 09:46:09 2025
Summary:     Recommended update for glibc
Type:        recommended
Severity:    important
References:  1234128,1234713,1239883
This update for glibc fixes the following issues:

- Fix the lost wakeup from a bug in signal stealing (bsc#1234128)
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
  on x86-32 and s390x (bsc#1234713)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1201-1
Released:    Fri Apr 11 12:15:58 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1239618,CVE-2024-8176
This update for expat fixes the following issues:

- CVE-2024-8176: Fixed a denial of service (stack overflow) caused by chaining a large
  number of entities, by resolving use of recursion (bsc#1239618)

Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
     Bug fixes:
       #980 #989  Restore event pointer behavior from Expat 2.6.4
                    (that the fix to CVE-2024-8176 changed in 2.7.0);
                    affected API functions are:
                    - XML_GetCurrentByteCount
                    - XML_GetCurrentByteIndex
                    - XML_GetCurrentColumnNumber
                    - XML_GetCurrentLineNumber
                    - XML_GetInputContext
     Other changes:
       #976 #977  Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
                    with Automake that were missing from 2.7.0 release tarballs
       #983 #984  Fix printf format specifiers for 32bit Emscripten
            #992  docs: Promote OpenSSF Best Practices self-certification
            #978  tests/benchmark: Resolve mistaken double close
            #986  Address compiler warnings
       #990 #993  Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
                    to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
                    for what these numbers do
        Infrastructure:
            #982  CI: Start running Perl XML::Parser integration tests
            #987  CI: Enforce Clang Static Analyzer clean code
            #991  CI: Re-enable warning clang-analyzer-valist.Uninitialized
                    for clang-tidy
            #981  CI: Cover compilation with musl
       #983 #984  CI: Cover compilation with 32bit Emscripten
       #976 #977  CI: Protect against fuzzer files missing from future
                    release archives

- version update to 2.7.0
       #935 #937  Autotools: Make generated CMake files look for
                    libexpat.@SO_MAJOR@.dylib on macOS
            #925  Autotools: Sync CMake templates with CMake 3.29
  #945 #962 #966  CMake: Drop support for CMake <3.13
            #942  CMake: Small fuzzing related improvements
            #921  docs: Add missing documentation of error code
                    XML_ERROR_NOT_STARTED that was introduced with 2.6.4
            #941  docs: Document need for C++11 compiler for use from C++
            #959  tests/benchmark: Fix a (harmless) TOCTTOU
            #944  Windows: Fix installer target location of file xmlwf.xml
                    for CMake
            #953  Windows: Address warning -Wunknown-warning-option
                    about -Wno-pedantic-ms-format from LLVM MinGW
            #971  Address Cppcheck warnings
       #969 #970  Mass-migrate links from http:// to https://
    #947 #958 ..
       #974 #975  Document changes since the previous release
       #974 #975  Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
                    to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
                    for what these numbers do

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1245-1
Released:    Mon Apr 14 13:31:49 2025
Summary:     Recommended update for pkg-config
Type:        recommended
Severity:    moderate
References:  1237374
This update for rsync fixes the following issues:

- Security scan found old glib in pkg-config (bsc#1237374).
- This update for pkg-config changes attribute to the author who actually
  makes the change

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1438-1
Released:    Fri May  2 15:44:07 2025
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1241453,1241551,CVE-2025-32414,CVE-2025-32415
This update for libxml2 fixes the following issues:

- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a heap-based buffer under-read that a crafted XML document may trigger. (bsc#1241453)


The following package changes have been done:

- glibc-2.38-150600.14.26.1 updated
- crypto-policies-20230920.570ea89-150600.3.9.2 updated
- cuda-cccl-12-8-12.8.90-150600.4.1 added
- cuda-crt-12-8-12.8.93-150600.4.1 added
- cuda-nvrtc-12-8-12.8.93-150600.4.1 added
- cuda-nvvm-12-8-12.8.93-150600.4.1 added
- cuda-toolkit-12-8-config-common-12.8.90-150600.4.1 added
- cuda-toolkit-12-config-common-12.8.90-150600.4.1 updated
- cuda-toolkit-config-common-12.8.90-150600.4.1 updated
- libexpat1-2.7.1-150400.3.28.1 updated
- libglib-2_0-0-2.78.6-150600.4.11.1 updated
- liblzma5-5.4.1-150600.3.3.1 updated
- libsqlite3-0-3.46.0-150600.1.10 updated
- libudev1-254.24-150600.4.28.1 updated
- libzstd1-1.5.6-150600.1.10 updated
- libnvjitlink-12-8-12.8.93-150600.4.1 added
- libcurand-12-8-10.3.9.90-150600.4.1 added
- libcufft-12-8-11.3.3.83-150600.4.1 added
- libcublas-12-8-12.8.4.1-150600.2.1 added
- cuda-cudart-12-8-12.8.90-150600.4.1 added
- pkg-config-0.29.2-150600.15.6.3 updated
- libgobject-2_0-0-2.78.6-150600.4.11.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.11.1 updated
- libgcrypt20-1.10.3-150600.3.6.1 updated
- libxml2-2-2.10.3-150500.5.26.1 updated
- libprotobuf25_5_0-25.5-150600.2.61 updated
- libcusparse-12-8-12.5.8.93-150600.4.1 added
- cuda-nvtx-12-8-12.8.90-150600.4.1 added
- cuda-driver-devel-12-8-12.8.90-150600.2.1 added
- libpython3_11-1_0-3.11.11-150600.3.21.1 updated
- python311-base-3.11.11-150600.3.21.1 updated
- libarchive13-3.7.2-150600.3.12.1 updated
- python3-base-3.6.15-150300.10.84.1 updated
- libpython3_6m1_0-3.6.15-150300.10.84.1 updated
- libcusolver-12-8-11.7.3.90-150600.4.1 added
- glibc-devel-2.38-150600.14.29.1 updated
- libgio-2_0-0-2.78.6-150600.4.11.1 updated
- glib2-tools-2.78.6-150600.4.11.1 updated
- python311-typing_extensions-4.12.2-150600.1.12 updated
- python311-six-1.16.0-150600.1.13 updated
- python311-protobuf-4.25.5-150600.2.61 updated
- python311-numpy-2.1.1-150600.1.37 updated
- python311-torch-cuda-2.5.0-150600.2.18 updated
- container:registry.suse.com-bci-bci-base-15.6.47.5.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-1565fe8f47e399a778db22c2e26b8f00c2205a1f43a9635483c2689ee7ac80e0-0 updated
- cuda-cccl-12-5-12.5.39-150600.2.3 removed
- cuda-crt-12-5-12.5.82-150600.2.3 removed
- cuda-cudart-12-5-12.5.82-150600.2.3 removed
- cuda-driver-devel-12-5-12.5.82-150600.1.14 removed
- cuda-nvrtc-12-5-12.5.82-150600.2.3 removed
- cuda-nvtx-12-5-12.5.82-150600.2.3 removed
- cuda-nvvm-12-5-12.5.82-150600.2.3 removed
- cuda-toolkit-12-5-config-common-12.5.82-150600.2.3 removed
- libcublas-12-5-12.5.3.2-150600.1.12 removed
- libcufft-12-5-11.2.3.61-150600.2.3 removed
- libcurand-12-5-10.3.6.82-150600.2.3 removed
- libcusolver-12-5-11.6.3.83-150600.2.3 removed
- libcusparse-12-5-12.5.1.3-150600.2.3 removed
- libnvjitlink-12-5-12.5.82-150600.2.3 removed

