SUSE-IU-2025:3095-1: Security update of suse/sl-micro/6.1/kvm-os-container

Tue Oct 21 07:13:02 UTC 2025

SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:3095-1
Image Tags        : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.44 , suse/sl-micro/6.1/kvm-os-container:latest
Image Release     : 5.44
Severity          : important
Type              : security
References        : 1219276 1223903 1239749 1241205 1242011 1246974 1247286 1247495
                        1248158 1249375 CVE-2022-48622 CVE-2024-40635 CVE-2025-8114 CVE-2025-8277
-----------------------------------------------------------------

The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 310
Released:    Mon Oct 20 18:26:21 2025
Summary:     Recommended update for aaa_base
Type:        recommended
Severity:    important
References:  1219276,1223903,1241205,1242011,1247286,1247495,1248158,CVE-2022-48622
This update for aaa_base fixes the following issues:

Update to version 84.87+git20250903.33e5ba4:

  * Correct fix for bsc#1247495 (bsc#1248158)

Update to version 84.87+git20250805.3069494:

  * Remove initviocons for tcsh as well and
  * Update csh.login
  * Add missing quoting and remove unneeded uses of eval

Update to version 84.87+git20250801.f305627:

  * Remove sysconfig.language [bsc#1247286]

Update to version 84.87+git20250801.b2fa3fe:

  * Allow /etc/locale.conf to have no newline

Update to version 84.87+git20250429.1cad3bc:

  * Remove alias 'you' (bsc#1242011)

Update to version 84.87+git20250425.1664836:

  * alias.bash: future-proof egrep/fgrep color aliases

Update to version 84.87+git20250410.71df276:

  * Modern s390x uses TERM=linux for ttysclp<X>

Update to version 84.87+git20250313.4dd1cfd:

  * DIR_COLORS: add backup and temporary file extensions
  * DIR_COLORS: sort audio formats
  * DIR_COLORS: use cyan for audio formats instead of green
  * DIR_COLORS: add 'avif' to image formats
  * DIR_COLORS: add updated and sorted list of archive formats
  * DIR_COLORS: don't colour DOS/Windows executables
  * DIR_COLORS: update existing colours and add missing ones
  * DIR_COLORS: add COLORTERM and 'st' terminal
  * DIR_COLORS: update file description
  * DIR_COLORS: sort TERM entries
  * DIR_COLORS: remove COLOR, OPTIONS and EIGHTBIT

Update to version 84.87+git20250313.e71c2f4:

  * Respect PROFILEREAD/CSHRCREAD at shell switch
  * Modernize specfile
  * Add safety quotes and proper escaping
  * Avoid bashisms in build recipe
  * Add setup-systemd-proxy-env
  * profile.{sh,csh}: Drop useless proxy variables cleanup

Update to version 84.87+git20250102.c08e614:

  * Load distrobox_profile.sh

-----------------------------------------------------------------
Advisory ID: 309
Released:    Mon Oct 20 18:31:36 2025
Summary:     Security update for libssh
Type:        security
Severity:    moderate
References:  1239749,1246974,1249375,CVE-2024-40635,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:

- CVE-2025-8114: Fixed NULL pointer dereference when calculating the session ID 
  during the key exchange (KEX) process (bsc#1246974)
- CVE-2025-8277: Fixed Memory Exhaustion via Repeated Key Exchange (bsc#1249375)

The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.11.61 updated
- aaa_base-84.87+git20250903.33e5ba4-slfo.1.1_1.1 updated
- libssh-config-0.10.6-slfo.1.1_3.1 updated
- libssh4-0.10.6-slfo.1.1_3.1 updated
- container:SL-Micro-base-container-2.2.1-5.41 updated