SUSE-CU-2025:8544-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Nov 25 10:24:16 UTC 2025
SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8544-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.8.134 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.8.134
Severity : important
Type : security
References : 1012628 1214954 1215143 1215199 1216396 1220419 1224386 1233529
1236743 1236744 1239206 1241132 1244939 1245953 1248211 1248230
1248501 1248517 1248630 1248754 1248886 1249161 1249182 1249224
1249286 1249302 1249317 1249319 1249320 1249512 1249595 1249608
1250032 1250119 1250202 1250205 1250237 1250274 1250296 1250379
1250400 1250455 1250491 1250519 1250650 1250702 1250704 1250721
1250742 1250946 1251024 1251027 1251028 1251031 1251035 1251038
1251043 1251045 1251052 1251053 1251054 1251056 1251057 1251059
1251060 1251065 1251066 1251067 1251068 1251071 1251076 1251079
1251081 1251083 1251084 1251100 1251105 1251106 1251108 1251113
1251114 1251119 1251123 1251126 1251132 1251134 1251143 1251146
1251150 1251152 1251153 1251159 1251161 1251170 1251177 1251180
1251206 1251215 1251216 1251222 1251230 1251232 1251233 1251247
1251268 1251269 1251270 1251282 1251283 1251286 1251290 1251319
1251321 1251323 1251328 1251529 1251721 1251732 1251742 1251743
1251746 1251748 1251749 1251750 1251754 1251755 1251756 1251758
1251759 1251760 1251762 1251763 1251764 1251769 1251771 1251772
1251777 1251780 1251804 1251810 1251930 1251967 1252033 1252035
1252039 1252044 1252047 1252051 1252052 1252056 1252060 1252062
1252064 1252065 1252069 1252070 1252072 1252074 1252075 1252078
1252079 1252082 1252083 1252236 1252265 1252269 1252269 1252332
1252336 1252346 1252348 1252349 1252364 1252479 1252481 1252489
1252490 1252492 1252495 1252496 1252499 1252534 1252536 1252537
1252550 1252553 1252559 1252561 1252564 1252565 1252566 1252632
1252668 1252678 1252679 1252685 1252688 1252772 1252774 1252775
1252785 1252787 1252789 1252797 1252822 1252826 1252841 1252848
1252849 1252850 1252851 1252854 1252858 1252865 1252866 1252873
1252902 1252904 1252909 1252918 1252930 1252931 1252932 1252933
1252934 1252935 1252939 CVE-2023-53538 CVE-2023-53539 CVE-2023-53540
CVE-2023-53541 CVE-2023-53543 CVE-2023-53545 CVE-2023-53546 CVE-2023-53548
CVE-2023-53550 CVE-2023-53552 CVE-2023-53553 CVE-2023-53554 CVE-2023-53555
CVE-2023-53556 CVE-2023-53557 CVE-2023-53558 CVE-2023-53559 CVE-2023-53560
CVE-2023-53563 CVE-2023-53568 CVE-2023-53570 CVE-2023-53572 CVE-2023-53574
CVE-2023-53575 CVE-2023-53577 CVE-2023-53579 CVE-2023-53580 CVE-2023-53581
CVE-2023-53583 CVE-2023-53585 CVE-2023-53588 CVE-2023-53593 CVE-2023-53596
CVE-2023-53597 CVE-2023-53599 CVE-2023-53600 CVE-2023-53601 CVE-2023-53602
CVE-2023-53603 CVE-2023-53611 CVE-2023-53613 CVE-2023-53615 CVE-2023-53616
CVE-2023-53617 CVE-2023-53618 CVE-2023-53619 CVE-2023-53621 CVE-2023-53622
CVE-2023-53631 CVE-2023-53632 CVE-2023-53633 CVE-2023-53638 CVE-2023-53645
CVE-2023-53646 CVE-2023-53647 CVE-2023-53648 CVE-2023-53649 CVE-2023-53650
CVE-2023-53652 CVE-2023-53653 CVE-2023-53654 CVE-2023-53656 CVE-2023-53657
CVE-2023-53658 CVE-2023-53659 CVE-2023-53660 CVE-2023-53662 CVE-2023-53663
CVE-2023-53665 CVE-2023-53666 CVE-2023-53668 CVE-2023-53670 CVE-2023-53672
CVE-2023-53673 CVE-2023-53674 CVE-2023-53681 CVE-2023-53686 CVE-2023-53687
CVE-2023-53693 CVE-2023-53697 CVE-2023-53698 CVE-2023-53699 CVE-2023-53703
CVE-2023-53704 CVE-2023-53707 CVE-2023-53708 CVE-2023-53711 CVE-2023-53713
CVE-2023-53718 CVE-2023-53721 CVE-2023-53722 CVE-2023-53725 CVE-2023-53726
CVE-2023-53727 CVE-2023-53728 CVE-2023-53729 CVE-2023-53730 CVE-2023-53731
CVE-2023-53733 CVE-2025-38008 CVE-2025-38539 CVE-2025-38552 CVE-2025-38653
CVE-2025-38699 CVE-2025-38700 CVE-2025-38718 CVE-2025-39673 CVE-2025-39676
CVE-2025-39683 CVE-2025-39697 CVE-2025-39702 CVE-2025-39756 CVE-2025-39794
CVE-2025-39797 CVE-2025-39812 CVE-2025-39813 CVE-2025-39828 CVE-2025-39841
CVE-2025-39851 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895
CVE-2025-39902 CVE-2025-39911 CVE-2025-39931 CVE-2025-39934 CVE-2025-39937
CVE-2025-39938 CVE-2025-39945 CVE-2025-39946 CVE-2025-39947 CVE-2025-39948
CVE-2025-39949 CVE-2025-39952 CVE-2025-39955 CVE-2025-39957 CVE-2025-39965
CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971
CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39981 CVE-2025-39982
CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991
CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997
CVE-2025-40000 CVE-2025-40005 CVE-2025-40010 CVE-2025-40011 CVE-2025-40013
CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029
CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40043 CVE-2025-40044
CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058
CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078
CVE-2025-40080 CVE-2025-40082 CVE-2025-40085 CVE-2025-40087 CVE-2025-40088
CVE-2025-40096 CVE-2025-40100 CVE-2025-54770 CVE-2025-54771 CVE-2025-61661
CVE-2025-61662 CVE-2025-61663 CVE-2025-61664
-----------------------------------------------------------------
The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4138-1
Released: Wed Nov 19 11:15:12 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1224386,1248501
This update for systemd fixes the following issues:
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
already available in %pre. This is important because D-Bus automatically
reloads its configuration whenever new configuration files are installed,
i.e. between %pre and %post. (bsc#1248501)
No needs for systemd and udev packages as they are always installed during
the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and
systemd-resolved (bsc#1224386 jsc#PED-12669)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4140-1
Released: Wed Nov 19 14:15:25 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1012628,1214954,1215143,1215199,1216396,1220419,1236743,1239206,1244939,1248211,1248230,1248517,1248630,1248754,1248886,1249161,1249182,1249224,1249286,1249302,1249317,1249319,1249320,1249512,1249595,1249608,1250032,1250119,1250202,1250205,1250237,1250274,1250296,1250379,1250400,1250455,1250491,1250519,1250650,1250702,1250704,1250721,1250742,1250946,1251024,1251027,1251028,1251031,1251035,1251038,1251043,1251045,1251052,1251053,1251054,1251056,1251057,1251059,1251060,1251065,1251066,1251067,1251068,1251071,1251076,1251079,1251081,1251083,1251084,1251100,1251105,1251106,1251108,1251113,1251114,1251119,1251123,1251126,1251132,1251134,1251143,1251146,1251150,1251152,1251153,1251159,1251161,1251170,1251177,1251180,1251206,1251215,1251216,1251222,1251230,1251232,1251233,1251247,1251268,1251269,1251270,1251282,1251283,1251286,1251290,1251319,1251321,1251323,1251328,1251529,1251721,1251732,1251742,1251743,1251746,1251748,1251749,1251750,1251754,1251755,1251756,1251758,1251759,1
251760,1251762,1251763,1251764,1251769,1251771,1251772,1251777,1251780,1251804,1251810,1251930,1251967,1252033,1252035,1252039,1252044,1252047,1252051,1252052,1252056,1252060,1252062,1252064,1252065,1252069,1252070,1252072,1252074,1252075,1252078,1252079,1252082,1252083,1252236,1252265,1252269,1252332,1252336,1252346,1252348,1252349,1252364,1252479,1252481,1252489,1252490,1252492,1252495,1252496,1252499,1252534,1252536,1252537,1252550,1252553,1252559,1252561,1252564,1252565,1252566,1252632,1252668,1252678,1252679,1252685,1252688,1252772,1252774,1252775,1252785,1252787,1252789,1252797,1252822,1252826,1252841,1252848,1252849,1252850,1252851,1252854,1252858,1252865,1252866,1252873,1252902,1252904,1252909,1252918,1252939,CVE-2023-53538,CVE-2023-53539,CVE-2023-53540,CVE-2023-53541,CVE-2023-53543,CVE-2023-53545,CVE-2023-53546,CVE-2023-53548,CVE-2023-53550,CVE-2023-53552,CVE-2023-53553,CVE-2023-53554,CVE-2023-53555,CVE-2023-53556,CVE-2023-53557,CVE-2023-53558,CVE-2023-53559,CVE-2023-53560,
CVE-2023-53563,CVE-2023-53568,CVE-2023-53570,CVE-2023-53572,CVE-2023-53574,CVE-2023-53575,CVE-2023-53577,CVE-2023-53579,CVE-2023-53580,CVE-2023-53581,CVE-2023-53583,CVE-2023-53585,CVE-2023-53588,CVE-2023-53593,CVE-2023-53596,CVE-2023-53597,CVE-2023-53599,CVE-2023-53600,CVE-2023-53601,CVE-2023-53602,CVE-2023-53603,CVE-2023-53611,CVE-2023-53613,CVE-2023-53615,CVE-2023-53616,CVE-2023-53617,CVE-2023-53618,CVE-2023-53619,CVE-2023-53621,CVE-2023-53622,CVE-2023-53631,CVE-2023-53632,CVE-2023-53633,CVE-2023-53638,CVE-2023-53645,CVE-2023-53646,CVE-2023-53647,CVE-2023-53648,CVE-2023-53649,CVE-2023-53650,CVE-2023-53652,CVE-2023-53653,CVE-2023-53654,CVE-2023-53656,CVE-2023-53657,CVE-2023-53658,CVE-2023-53659,CVE-2023-53660,CVE-2023-53662,CVE-2023-53663,CVE-2023-53665,CVE-2023-53666,CVE-2023-53668,CVE-2023-53670,CVE-2023-53672,CVE-2023-53673,CVE-2023-53674,CVE-2023-53681,CVE-2023-53686,CVE-2023-53687,CVE-2023-53693,CVE-2023-53697,CVE-2023-53698,CVE-2023-53699,CVE-2023-53703,CVE-2023-53704,CVE-202
3-53707,CVE-2023-53708,CVE-2023-53711,CVE-2023-53713,CVE-2023-53718,CVE-2023-53721,CVE-2023-53722,CVE-2023-53725,CVE-2023-53726,CVE-2023-53727,CVE-2023-53728,CVE-2023-53729,CVE-2023-53730,CVE-2023-53731,CVE-2023-53733,CVE-2025-38008,CVE-2025-38539,CVE-2025-38552,CVE-2025-38653,CVE-2025-38699,CVE-2025-38700,CVE-2025-38718,CVE-2025-39673,CVE-2025-39676,CVE-2025-39683,CVE-2025-39697,CVE-2025-39702,CVE-2025-39756,CVE-2025-39794,CVE-2025-39797,CVE-2025-39812,CVE-2025-39813,CVE-2025-39828,CVE-2025-39841,CVE-2025-39851,CVE-2025-39866,CVE-2025-39876,CVE-2025-39881,CVE-2025-39895,CVE-2025-39902,CVE-2025-39911,CVE-2025-39931,CVE-2025-39934,CVE-2025-39937,CVE-2025-39938,CVE-2025-39945,CVE-2025-39946,CVE-2025-39947,CVE-2025-39948,CVE-2025-39949,CVE-2025-39952,CVE-2025-39955,CVE-2025-39957,CVE-2025-39965,CVE-2025-39967,CVE-2025-39968,CVE-2025-39969,CVE-2025-39970,CVE-2025-39971,CVE-2025-39972,CVE-2025-39973,CVE-2025-39978,CVE-2025-39981,CVE-2025-39982,CVE-2025-39985,CVE-2025-39986,CVE-2025-39987
,CVE-2025-39988,CVE-2025-39991,CVE-2025-39993,CVE-2025-39994,CVE-2025-39995,CVE-2025-39996,CVE-2025-39997,CVE-2025-40000,CVE-2025-40005,CVE-2025-40010,CVE-2025-40011,CVE-2025-40013,CVE-2025-40016,CVE-2025-40018,CVE-2025-40019,CVE-2025-40020,CVE-2025-40029,CVE-2025-40032,CVE-2025-40035,CVE-2025-40036,CVE-2025-40043,CVE-2025-40044,CVE-2025-40049,CVE-2025-40051,CVE-2025-40052,CVE-2025-40056,CVE-2025-40058,CVE-2025-40060,CVE-2025-40061,CVE-2025-40062,CVE-2025-40071,CVE-2025-40078,CVE-2025-40080,CVE-2025-40082,CVE-2025-40085,CVE-2025-40087,CVE-2025-40088,CVE-2025-40096,CVE-2025-40100
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939).
- CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211).
- CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230).
- CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
- CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224).
- CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182).
- CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
- CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320).
- CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
- CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286).
- CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319).
- CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
- CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
- CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595).
- CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
- CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032).
- CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205).
- CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296).
- CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
- CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
- CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
- CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
- CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702).
- CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114).
- CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
- CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
- CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
- CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
- CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
- CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
- CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
- CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
- CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
- CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
- CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
- CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
- CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).
The following non security issues were fixed:
- ACPI: battery: Add synchronization between interface updates (git-fixes).
- KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199).
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes).
- KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes).
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364).
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes).
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
- ext4: fix checks for orphan inodes (bsc#1250119).
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes).
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
- module: Prevent silent truncation of module name in delete_module(2) (git-fixes).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199).
- powerpc: export MIN RMA size (bsc#1236743 ltc#211409).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957).
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650).
- smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206).
- smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886).
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released: Fri Nov 21 15:09:44 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1233529
This update for cyrus-sasl fixes the following issues:
- Python3 error log upon importing pycurl (bsc#1233529)
* Remove senceless log message.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4179-1
Released: Mon Nov 24 08:27:54 2025
Summary: Recommended update for mozilla-nspr
Type: recommended
Severity: moderate
References:
This update for mozilla-nspr fixes the following issues:
- update to NSPR 4.36.2
* Fixed a syntax error in test file parsetm.c, which was introduced in 4.36.1
- update to NSPR 4.36.1
* Incorrect time value produced by PR_ParseTimeString and
PR_ParseTimeStringToExplodedTime if input string doesn't specify seconds.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4196-1
Released: Mon Nov 24 11:54:23 2025
Summary: Security update for grub2
Type: security
Severity: moderate
References: 1236744,1241132,1245953,1252269,1252930,1252931,1252932,1252933,1252934,1252935,CVE-2025-54770,CVE-2025-54771,CVE-2025-61661,CVE-2025-61662,CVE-2025-61663,CVE-2025-61664
This update for grub2 fixes the following issues:
- CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930)
- CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
Other fixes:
- Bump upstream SBAT generation to 6
- Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953)
- Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132)
- Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744, bsc#1252269)
The following package changes have been done:
- grub2-i386-pc-2.12-150600.8.44.2 updated
- grub2-x86_64-efi-2.12-150600.8.44.2 updated
- grub2-2.12-150600.8.44.2 updated
- kernel-default-6.4.0-150600.23.78.1 updated
- libsasl2-3-2.1.28-150600.7.14.1 updated
- libsystemd0-254.27-150600.4.46.2 updated
- libudev1-254.27-150600.4.46.2 updated
- mozilla-nspr-4.36.2-150000.3.36.1 updated
- systemd-254.27-150600.4.46.2 updated
- udev-254.27-150600.4.46.2 updated
More information about the sle-container-updates
mailing list