SUSE-CU-2025:7156-1: Security update of bci/bci-busybox
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Wed Oct 1 08:56:07 UTC 2025
SUSE Container Update Advisory: bci/bci-busybox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7156-1
Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.39.1
Container Release : 39.1
Severity : moderate
Type : security
References : 1203397 1203399 1206798 1215943 1217580 1217584 1217585 1217883
1239176 1240058 1243201 1246965 CVE-2023-42363 CVE-2023-42364
CVE-2023-42365 CVE-2025-8058
-----------------------------------------------------------------
The container bci/bci-busybox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released: Fri Aug 22 14:52:39 2025
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:
- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3271-1
Released: Thu Sep 18 15:33:49 2025
Summary: Security update for busybox, busybox-links
Type: security
Severity: moderate
References: 1203397,1203399,1206798,1215943,1217580,1217584,1217585,1217883,1239176,1243201,CVE-2023-42363,CVE-2023-42364,CVE-2023-42365
This update for busybox, busybox-links fixes the following issues:
Updated to version 1.37.0 (jsc#PED-13039):
- CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580)
- CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584)
- CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585)
Other fixes:
- fix generation of file lists via Dockerfile
- add copy of busybox.links from the container to catch changes
to busybox config
- Blacklist creating links for halt, reboot, shutdown commands to avoid accidental
use in a fully booted system (bsc#1243201)
- Add getfattr applet to attr filelist
- busybox-udhcpc conflicts with udhcp.
- Add new sub-package for udhcpc
- zgrep: don't set the label option as only the real grep
supports it (bsc#1215943)
- Add conflict for coreutils-systemd, package got splitted
- Check in filelists instead of buildrequiring all non-busybox utils
- Replace transitional %usrmerged macro with regular version check (bsc#1206798)
- Create sub-package 'hexedit' [bsc#1203399]
- Create sub-package 'sha3sum' [bsc#1203397]
- Drop update-alternatives support
- Add provides smtp_daemon to busybox-sendmail
- Add conflicts: mawk to busybox-gawk
- fix mkdir path to point to /usr/bin instead of /bin
- add placeholder variable and ignore applet logic to busybox.install
- enable halt, poweroff, reboot commands (bsc#1243201)
- Fully enable udhcpc and document that this tool needs special
configuration and does not work out of the box [bsc#1217883]
- Replace transitional %usrmerged macro with regular version check (bsc#1206798)
The following package changes have been done:
- busybox-adduser-1.37.0-150500.7.7.2 updated
- busybox-attr-1.37.0-150500.7.7.2 updated
- busybox-bc-1.37.0-150500.7.7.2 updated
- busybox-bind-utils-1.37.0-150500.7.7.2 updated
- busybox-bzip2-1.37.0-150500.7.7.2 updated
- busybox-coreutils-1.37.0-150500.7.7.2 updated
- busybox-cpio-1.37.0-150500.7.7.2 updated
- busybox-diffutils-1.37.0-150500.7.7.2 updated
- busybox-dos2unix-1.37.0-150500.7.7.2 updated
- busybox-ed-1.37.0-150500.7.7.2 updated
- busybox-findutils-1.37.0-150500.7.7.2 updated
- busybox-gawk-1.37.0-150500.7.7.2 updated
- busybox-grep-1.37.0-150500.7.7.2 updated
- busybox-gzip-1.37.0-150500.7.7.2 updated
- busybox-hexedit-1.37.0-150500.7.7.2 added
- busybox-hostname-1.37.0-150500.7.7.2 updated
- busybox-iproute2-1.37.0-150500.7.7.2 updated
- busybox-iputils-1.37.0-150500.7.7.2 updated
- busybox-kbd-1.37.0-150500.7.7.2 updated
- busybox-less-1.37.0-150500.7.7.2 updated
- busybox-links-1.37.0-150500.7.7.2 updated
- busybox-man-1.37.0-150500.7.7.2 updated
- busybox-misc-1.37.0-150500.7.7.2 updated
- busybox-ncurses-utils-1.37.0-150500.7.7.2 updated
- busybox-net-tools-1.37.0-150500.7.7.2 updated
- busybox-netcat-1.37.0-150500.7.7.2 updated
- busybox-patch-1.37.0-150500.7.7.2 updated
- busybox-policycoreutils-1.37.0-150500.7.7.2 updated
- busybox-procps-1.37.0-150500.7.7.2 updated
- busybox-psmisc-1.37.0-150500.7.7.2 updated
- busybox-sed-1.37.0-150500.7.7.2 updated
- busybox-selinux-tools-1.37.0-150500.7.7.2 updated
- busybox-sendmail-1.37.0-150500.7.7.2 updated
- busybox-sha3sum-1.37.0-150500.7.7.2 added
- busybox-sharutils-1.37.0-150500.7.7.2 updated
- busybox-sh-1.37.0-150500.7.7.2 updated
- busybox-syslogd-1.37.0-150500.7.7.2 updated
- busybox-sysvinit-tools-1.37.0-150500.7.7.2 updated
- busybox-tar-1.37.0-150500.7.7.2 updated
- busybox-telnet-1.37.0-150500.7.7.2 updated
- busybox-tftp-1.37.0-150500.7.7.2 updated
- busybox-time-1.37.0-150500.7.7.2 updated
- busybox-traceroute-1.37.0-150500.7.7.2 updated
- busybox-tunctl-1.37.0-150500.7.7.2 updated
- busybox-udhcpc-1.37.0-150500.7.7.2 added
- busybox-unzip-1.37.0-150500.7.7.2 updated
- busybox-util-linux-1.37.0-150500.7.7.2 updated
- busybox-vi-1.37.0-150500.7.7.2 updated
- busybox-vlan-1.37.0-150500.7.7.2 updated
- busybox-wget-1.37.0-150500.7.7.2 updated
- busybox-which-1.37.0-150500.7.7.2 updated
- busybox-whois-1.37.0-150500.7.7.2 updated
- busybox-xz-1.37.0-150500.7.7.2 updated
- busybox-1.37.0-150500.10.11.1 updated
- glibc-2.38-150600.14.37.1 updated
More information about the sle-container-updates
mailing list