SUSE-IU-2025:3669-1: Security update of suse/sle-micro/5.5

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Nov 13 08:07:16 UTC 2025 

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:3669-1
Image Tags        : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.402 , suse/sle-micro/5.5:latest
Image Release     : 5.5.402
Severity          : important
Type              : security
References        : 1252110 1252232 1252376 1252543 CVE-2025-31133 CVE-2025-31133
                        CVE-2025-52565 CVE-2025-52565 CVE-2025-52881 CVE-2025-52881 
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4073-1
Released:    Wed Nov 12 11:34:27 2025
Summary:     Security update for runc
Type:        security
Severity:    important
References:  1252110,1252232,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881
This update for runc fixes the following issues:

Update to runc v1.3.3. Upstream changelog is available from

  <https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232

  * CVE-2025-31133
  * CVE-2025-52565
  * CVE-2025-52881

Update to runc v1.3.2. Upstream changelog is available from

<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110

  - Includes an important fix for the CPUSet translation for cgroupv2.

Update to runc v1.3.1. Upstream changelog is available from

<https://github.com/opencontainers/runc/releases/tag/v1.3.1>

Update to runc v1.3.0. Upstream changelog is available from

<https://github.com/opencontainers/runc/releases/tag/v1.3.0>
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4081-1
Released:    Wed Nov 12 13:49:31 2025
Summary:     Security update for podman
Type:        security
Severity:    important
References:  1252376,1252543,CVE-2025-31133,CVE-2025-52565,CVE-2025-52881
This update for podman fixes the following issues:

- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
    
Other fixes:
    
- Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)


The following package changes have been done:

- runc-1.3.3-150000.85.1 updated
- podman-4.9.5-150500.3.56.2 updated

More information about the sle-container-updates mailing list