SUSE-IU-2025:1309-1: Security update of suse/sl-micro/6.1/base-os-container

Tue May 13 07:06:23 UTC 2025

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1309-1
Image Tags        : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-4.31 , suse/sl-micro/6.1/base-os-container:latest
Image Release     : 4.31
Severity          : critical
Type              : security
References        : 1010996 1199079 1217885 1228086 1229003 1231476 1231792 1232063
                        1234798 1236982 1237695 1239632 1240009 1240343 1240919 441356
                        CVE-2024-10389 CVE-2024-10975 CVE-2024-45794 CVE-2024-48057 CVE-2024-51735
                        CVE-2024-51746 CVE-2024-9781 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 98
Released:    Mon May 12 11:09:06 2025
Summary:     Recommended update for dracut
Type:        recommended
Severity:    critical
References:  1217885,1228086,1231476,1231792,1232063,1236982,1237695,1239632,1240919,CVE-2024-9781
This update for dracut fixes the following issues:

Update to version 059+suse.631.ga638ed12:

  * fix(dmsquash-live): do not check ISO md5 if image filesystem (bsc#1240919)
  * fix(nfs): set correct ownership of rpc.statd state directories (bsc#1217885)
  * perf(nfs): remove references to old rpcbind state dir
  * fix(nfs): libnfsidmap plugins not added in some distributions
  * fix(dracut.spec): move znet to the main package (bsc#1239632)

Update to version 059+suse.623.gf9a73df5:

  * fix(iscsi): make sure services are shut down when switching root (bsc#1237695)
  * fix(iscsi): don't require network setup for qedi
  * fix(network-legacy): do not require pgrep when using wicked (bsc#1236982)

Update to version 059+suse.617.gb2c1d974:

  Fixes for booting from iSCSI offload with bnx2i (bsc#1228086):

  * fix(iscsi): attempt iSCSI login before all interfaces are up
  * fix(iscsi): don't require network setup for bnx2i

  Other:

  * fix(dracut): rework timeout for devices added via --mount and --add-device (bsc#1231792)

Update to version 059+suse.610.g850d981a:

  * fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063)

-----------------------------------------------------------------
Advisory ID: 99
Released:    Mon May 12 11:14:56 2025
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    moderate
References:  1010996,1199079,1229003,1234798,1240009,1240343,441356,CVE-2024-10389,CVE-2024-10975,CVE-2024-45794,CVE-2024-48057,CVE-2024-51735,CVE-2024-51746
This update for ca-certificates-mozilla fixes the following issues:

Update to 2.74 state of Mozilla SSL root CAs:

Removed:

* SwissSign Silver CA - G2

Added:

* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023

Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798):

Removed:

* SecureSign RootCA11
* Security Communication RootCA3

Added:

* TWCA CYBER Root CA
* TWCA Global Root CA G2
* SecureSign Root CA12
* SecureSign Root CA14
* SecureSign Root CA15

The following package changes have been done:

- dracut-059+suse.631.ga638ed12-slfo.1.1_1.1 updated
- ca-certificates-mozilla-2.74-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-4.31 updated