SUSE-IU-2025:1380-1: Security update of suse/sle-micro/base-5.5

Thu May 22 07:05:43 UTC 2025

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:1380-1
Image Tags        : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.172 , suse/sle-micro/base-5.5:latest
Image Release     : 5.8.172
Severity          : important
Type              : security
References        : 1054914 1206843 1210409 1222044 1225903 1229361 1229621 1230267
                        1230764 1231103 1231910 1235598 1235958 1235971 1236777 1237172
                        1237587 1237949 1237981 1238032 1238315 1238471 1238512 1238747
                        1238865 1239061 1239651 1239684 1239809 1239968 1240209 1240211
                        1240214 1240228 1240230 1240246 1240248 1240269 1240271 1240274
                        1240285 1240295 1240306 1240314 1240315 1240321 1240529 1240747
                        1240835 1241280 1241371 1241421 1241433 1241541 1241625 1241648
                        1242284 1242493 1242778 CVE-2021-47671 CVE-2022-48933 CVE-2022-49110
                        CVE-2022-49139 CVE-2022-49741 CVE-2022-49745 CVE-2022-49767 CVE-2023-52928
                        CVE-2023-52931 CVE-2023-52936 CVE-2023-52937 CVE-2023-52938 CVE-2023-52981
                        CVE-2023-52982 CVE-2023-52986 CVE-2023-52994 CVE-2023-53001 CVE-2023-53002
                        CVE-2023-53009 CVE-2023-53014 CVE-2023-53018 CVE-2023-53031 CVE-2023-53051
                        CVE-2024-42307 CVE-2024-46763 CVE-2024-46865 CVE-2024-50038 CVE-2025-21726
                        CVE-2025-21785 CVE-2025-21791 CVE-2025-21812 CVE-2025-21839 CVE-2025-22004
                        CVE-2025-22020 CVE-2025-22045 CVE-2025-22055 CVE-2025-22097 CVE-2025-2312
                        CVE-2025-23138 CVE-2025-39735 
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1620-1
Released:    Wed May 21 11:58:41 2025
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1054914,1206843,1210409,1225903,1229361,1229621,1230764,1231103,1231910,1236777,1237981,1238032,1238471,1238512,1238747,1238865,1239061,1239684,1239968,1240209,1240211,1240214,1240228,1240230,1240246,1240248,1240269,1240271,1240274,1240285,1240295,1240306,1240314,1240315,1240321,1240747,1240835,1241280,1241371,1241421,1241433,1241541,1241625,1241648,1242284,1242493,1242778,CVE-2021-47671,CVE-2022-48933,CVE-2022-49110,CVE-2022-49139,CVE-2022-49741,CVE-2022-49745,CVE-2022-49767,CVE-2023-52928,CVE-2023-52931,CVE-2023-52936,CVE-2023-52937,CVE-2023-52938,CVE-2023-52981,CVE-2023-52982,CVE-2023-52986,CVE-2023-52994,CVE-2023-53001,CVE-2023-53002,CVE-2023-53009,CVE-2023-53014,CVE-2023-53018,CVE-2023-53031,CVE-2023-53051,CVE-2024-42307,CVE-2024-46763,CVE-2024-46865,CVE-2024-50038,CVE-2025-21726,CVE-2025-21785,CVE-2025-21791,CVE-2025-21812,CVE-2025-21839,CVE-2025-22004,CVE-2025-22020,CVE-2025-22045,CVE-2025-22055,CVE-2025-22097,CVE-2025-2312,CVE-2025-23138,CVE-2025-39735
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621).
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764).
- CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910).
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625).

The following non-security bugs were fixed:

- cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777).
- cpufreq: Allow drivers to advertise boost enabled (bsc#1236777).
- cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777).
- cpufreq: Support per-policy performance boost (bsc#1236777).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1626-1
Released:    Wed May 21 12:00:29 2025
Summary:     Recommended update for grub2
Type:        recommended
Severity:    moderate
References:  1235958,1235971,1239651

This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z.

Note: the signing key of x86 / x86_64 and aarch64 architectures are unchanged.

Also the following issue was fixed:

- Fix segmentation fault error in grub2-probe with target=hints_string (bsc#1235971) (bsc#1235958) (bsc#1239651)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1643-1
Released:    Wed May 21 16:32:37 2025
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    important
References:  1222044,1230267,1235598,1237172,1237587,1237949,1238315,1239809,1240529
This update for libsolv, libzypp, zypper fixes the following issues:

- Support the apk package and repository format (both v2 and v3)
- New dataiterator_final_{repo,solvable} functions
- Provide a symbol specific for the ruby-version so yast does not break across updates (bsc#1235598)
- XmlReader: Fix detection of bad input streams
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a service may set
- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct default (false)
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- Fix computation of RepStatus if Repo URLs change
- Fix lost double slash when appending to an absolute FTP url (bsc#1238315)
- Add a transaction package preloader
- Strip a mediahandler tag from baseUrl querystrings
- Updated translations (bsc#1230267)
- Do not double encode URL strings passed on the commandline (bsc#1237587)
- info,search: add option to search and list Enhances (bsc#1237949)

The following package changes have been done:

- grub2-2.06-150500.29.50.1 updated
- grub2-i386-pc-2.06-150500.29.50.1 updated
- kernel-default-5.14.21-150500.55.103.1 updated
- grub2-x86_64-efi-2.06-150500.29.50.1 updated
- libsolv-tools-base-0.7.32-150500.6.8.1 updated
- libsolv-tools-0.7.32-150500.6.8.1 updated
- libzypp-17.36.7-150500.6.45.1 updated
- zypper-1.14.89-150500.6.29.1 updated