SUSE-IU-2025:1358-1: Security update of suse-sles-15-sp6-chost-byos-v20250514-x86_64-gen2

Sat May 17 07:02:32 UTC 2025

SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250514-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1358-1
Image Tags        : suse-sles-15-sp6-chost-byos-v20250514-x86_64-gen2:20250514
Image Release     : 
Severity          : important
Type              : security
References        : 1232234 1239680 1239749 1241020 1241078 1241189 1241453 1241551
                        CVE-2024-10041 CVE-2024-40635 CVE-2025-2312 CVE-2025-29087 CVE-2025-29088
                        CVE-2025-32414 CVE-2025-32415 CVE-2025-3277 
-----------------------------------------------------------------

The container suse-sles-15-sp6-chost-byos-v20250514-x86_64-gen2 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1291-1
Released:    Wed Apr 16 09:41:51 2025
Summary:     Recommended update for timezone
Type:        recommended
Severity:    moderate
References:  
This update for timezone fixes the following issues:

- Version update 2025b
  * New zone for Aysen Region in Chile (America/Coyhaique) which
    moves from -04/-03 to -03
- Refresh patches for philippines historical data and china tzdata

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1334-1
Released:    Thu Apr 17 09:03:05 2025
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1232234,CVE-2024-10041
This update for pam fixes the following issues:

- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1345-1
Released:    Thu Apr 17 17:14:27 2025
Summary:     Security update for containerd
Type:        security
Severity:    moderate
References:  1239749,CVE-2024-40635
This update for containerd fixes the following issues:

- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) 

Other fixes:
- Update to containerd v1.7.27.

-----------------------------------------------------------------
Advisory ID: 38402
Released:    Fri Apr 25 11:05:30 2025
Summary:     Recommended update for freetype2
Type:        recommended
Severity:    important
References:  
This update for freetype2 fixes the following issue:

- enable brotli support (jsc#PED-12258)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1381-1
Released:    Mon Apr 28 09:37:03 2025
Summary:     Security update for cifs-utils
Type:        security
Severity:    moderate
References:  1239680,CVE-2025-2312
This update for cifs-utils fixes the following issues:

- CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong 
  namespace in containerized environments while trying to get Kerberos 
  credentials (bsc#1239680)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1438-1
Released:    Fri May  2 15:44:07 2025
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1241453,1241551,CVE-2025-32414,CVE-2025-32415
This update for libxml2 fixes the following issues:

- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1456-1
Released:    Wed May  7 17:13:32 2025
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1241020,1241078,1241189,CVE-2025-29087,CVE-2025-29088,CVE-2025-3277
This update for sqlite3 fixes the following issues:

- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)

Other fixes:

- Updated to version 3.49.1 from Factory (jsc#SLE-16032)

The following package changes have been done:

- apparmor-abstractions-3.1.7-150600.5.9.1 updated
- apparmor-parser-3.1.7-150600.5.9.1 updated
- cifs-utils-6.15-150400.3.12.1 updated
- containerd-ctr-1.7.27-150000.123.1 updated
- containerd-1.7.27-150000.123.1 updated
- glib2-tools-2.78.6-150600.4.11.1 updated
- glibc-locale-base-2.38-150600.14.29.1 updated
- glibc-locale-2.38-150600.14.29.1 updated
- glibc-2.38-150600.14.29.1 updated
- iproute2-6.4-150600.7.6.1 updated
- libapparmor1-3.1.7-150600.5.9.1 updated
- libaugeas0-1.14.1-150600.3.3.1 updated
- libdevmapper1_03-2.03.22_1.02.196-150600.3.6.1 updated
- libfa1-1.14.1-150600.3.3.1 updated
- libfreetype6-2.10.4-150000.4.22.1 updated
- libgcrypt20-1.10.3-150600.3.6.1 updated
- libgio-2_0-0-2.78.6-150600.4.11.1 updated
- libglib-2_0-0-2.78.6-150600.4.11.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.11.1 updated
- libgobject-2_0-0-2.78.6-150600.4.11.1 updated
- libopenssl3-3.1.4-150600.5.27.1 updated
- libsolv-tools-base-0.7.32-150600.8.10.1 updated
- libsqlite3-0-3.49.1-150000.3.27.1 updated
- libxml2-2-2.10.3-150500.5.26.1 updated
- libzypp-17.36.7-150600.3.53.1 updated
- openssl-3-3.1.4-150600.5.27.1 updated
- pam-1.3.0-150000.6.76.1 updated
- samba-client-libs-4.19.8+git.422.34307c5a3aa-150600.3.15.1 updated
- timezone-2025b-150600.91.6.2 updated
- zypper-1.14.89-150600.10.31.1 updated