SUSE-IU-2025:1294-1: Security update of suse/sl-micro/6.1/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri May 9 07:09:24 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1294-1
Image Tags        : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-4.29 , suse/sl-micro/6.1/baremetal-os-container:latest
Image Release     : 4.29
Severity          : important
Type              : security
References        : 1159034 1194818 1218609 1220117 1221831 1223605 1224285 1225197
                        1225598 1229476 1231472 1236619 CVE-2024-28085 CVE-2025-24528
-----------------------------------------------------------------

The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 92
Released:    Thu May  8 08:35:42 2025
Summary:     Recommended update for findutils
Type:        recommended
Severity:    moderate
References:  1231472
This update for findutils fixes the following issues:

- do not crash when file system loop was encountered (bsc#1231472)
- added patches
  fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9
- modified patches

-----------------------------------------------------------------
Advisory ID: 94
Released:    Thu May  8 14:24:20 2025
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1236619,CVE-2025-24528
This update for krb5 fixes the following issues:

- CVE-2025-24528: Prevent overflow when calculating ulog block size.
  An authenticated attacker can cause kadmind to write beyond the end
  of the mapped region for the iprop log file, likely causing a process
  crash; ((bsc#1236619).

-----------------------------------------------------------------
Advisory ID: 95
Released:    Thu May  8 14:25:53 2025
Summary:     Security update for util-linux
Type:        security
Severity:    important
References:  1159034,1194818,1218609,1220117,1221831,1223605,1224285,1225197,1225598,1229476,CVE-2024-28085
This update for util-linux fixes the following issues:

- Updated to version 2.40.4:
  * agetty: Prevent cursor escape (bsc#1194818)
  * chcpu(8): Document CPU deconfiguring behavior
  * fdisk: SGI fixes
  * hardlink: fix memory corruption
  * hardlink.1 directory|file is mandatory
  * lib/env: fix env_list_setenv() for strings without '='
  * libblkid:
    (exfat) validate fields used by prober
    (gpt) use blkid_probe_verify_csum() for partition array
     checksum
    add FSLASTBLOCK for swaparea
    bitlocker fix version on big-endian systems
  * libfdisk: make sure libblkid uses the same sector size
  * libmount:
    extract common error handling function
    propagate first error of multiple filesystem types
  * logger: correctly format tv_usec
  * lscpu: Skip aarch64 decode path for rest of the architectures
    (bsc#1229476)
  * lsns: ignore ESRCH errors reported when accessing files under
    /proc
  * mkswap: set selinux label also when creating file
  * more: make sure we have data on stderr
  * nsenter: support empty environ
  * umount, losetup: Document loop destroy behavior
    (bsc#1159034).
  * uuidd: fix /var/lib/libuuid mode uuidd-tmpfiles.conf
    fix /var/lib/libuuid mode uuidd-tmpfiles.conf
  - Refresh util-linux.keyring. Key validity was extended.

- Update to version 2.40.2:
  * cfdisk: fix possible integer overflow
  * libmount: improving robustness in reading kernel messages,
    add pidfs to pseudo fs list
  * lscpu: New Arm Cortex part numbers
    fix hang of lscpu -e (bsc#1225598)
  * lsfd: Refactor the pidfd logic, support pidfs
  * mkswap.8.adoc: update note regarding swapfile creation
  * setpgid: make -f work

- Enable kernel mountfd API, as it should be already stable
  (PED-9752).
- Move autoreconf back to %build.
- Add devel dependencies.
- Remove util-linux-rpmlintrc. It is no more needed with multibuild.
- uncomment 'autoreconf --install' to use the new version of automake
- disable libmagic in more(1) for binary detection (bsc#1225197)
- add support for pidfs in kernel 6.9 (bsc#1224285)
 
- Update to version 2.40.1:
  * more: clean processes not cleaned up after failed SSH session
    using up 100% CPU (bsc#1220117)
  * CVE-2024-28085: Fixed improper neutralization of escape sequences in wall (bsc#1221831)
  * chcpu: document limitations of -g (bsc#1218609)
  * lscpu: even more Arm part numbers (bsc#1223605)


The following package changes have been done:

- libuuid1-2.40.4-slfo.1.1_1.1 updated
- libsmartcols1-2.40.4-slfo.1.1_1.1 updated
- libblkid1-2.40.4-slfo.1.1_1.1 updated
- findutils-4.9.0-slfo.1.1_2.1 updated
- libmount1-2.40.4-slfo.1.1_1.1 updated
- libfdisk1-2.40.4-slfo.1.1_1.1 updated
- util-linux-2.40.4-slfo.1.1_1.1 updated
- SL-Micro-release-6.1-slfo.1.11.27 updated
- util-linux-systemd-2.40.4-slfo.1.1_1.1 updated
- krb5-1.21.3-slfo.1.1_2.1 updated
- container:SL-Micro-base-container-2.2.0-4.29 updated

More information about the sle-container-updates mailing list