SUSE-CU-2025:7775-1: Security update of suse/manager/5.0/x86_64/proxy-squid
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Oct 30 14:05:38 UTC 2025
SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7775-1
Container Tags : suse/manager/5.0/x86_64/proxy-squid:5.0.5.1 , suse/manager/5.0/x86_64/proxy-squid:5.0.5.1.7.26.1 , suse/manager/5.0/x86_64/proxy-squid:latest
Container Release : 7.26.1
Severity : important
Type : security
References : 1229655 1230262 1232234 1232526 1237442 1238491 1239566 1239938
1240058 1240788 1241219 1241549 1243226 1243767 1243991 1244050
1244079 1244509 1244554 1244555 1244557 1244590 1244700 1246221
1246296 1246597 1246965 1247144 1247148 1250232 CVE-2024-10041
CVE-2025-3576 CVE-2025-40909 CVE-2025-49794 CVE-2025-49795 CVE-2025-49796
CVE-2025-5278 CVE-2025-6018 CVE-2025-6020 CVE-2025-6021 CVE-2025-6170
CVE-2025-6965 CVE-2025-7425 CVE-2025-8058 CVE-2025-9230
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/proxy-squid was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2013-1
Released: Wed Jun 18 20:05:07 2025
Summary: Security update for pam
Type: security
Severity: important
References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2027-1
Released: Thu Jun 19 17:15:41 2025
Summary: Security update for perl
Type: security
Severity: moderate
References: 1244079,CVE-2025-40909
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2237-1
Released: Mon Jul 7 14:59:13 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: moderate
References:
This update for openssl-3 fixes the following issues:
- Backport mdless cms signing support [jsc#PED-12895]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2301-1
Released: Mon Jul 14 11:48:57 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1229655
This update for cyrus-sasl fixes the following issues:
- Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097)
- Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2314-1
Released: Tue Jul 15 14:34:08 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170
This update for libxml2 fixes the following issues:
- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2362-1
Released: Fri Jul 18 11:07:24 2025
Summary: Security update for coreutils
Type: security
Severity: moderate
References: 1243767,CVE-2025-5278
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2672-1
Released: Mon Aug 4 15:06:13 2025
Summary: Security update for sqlite3
Type: security
Severity: important
References: 1246597,CVE-2025-6965
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released: Thu Aug 7 05:38:44 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References:
This update for crypto-policies fixes the following issues:
- Update the BSI policy (jsc#PED-12880)
* BSI: switch to 3072 minimum RSA key size
* BSI: Update BSI policy for new 2024 minimum
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2758-1
Released: Tue Aug 12 12:05:22 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1246296,CVE-2025-7425
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released: Wed Aug 13 10:28:27 2025
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:
Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Allow GCC executables to be built PIE. [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2956-1
Released: Fri Aug 22 08:57:48 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: moderate
References: 1247144,1247148
This update for openssl-3 fixes the following issues:
- Increased limit for CRL download (bsc#1247148, bsc#1247144)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released: Fri Aug 22 14:52:39 2025
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:
- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released: Mon Aug 25 10:27:57 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3442-1
Released: Tue Sep 30 16:54:04 2025
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3699-1
Released: Tue Oct 21 12:07:47 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1241219,CVE-2025-3576
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- glibc-2.38-150600.14.37.1 updated
- libsasl2-3-2.1.28-150600.7.6.2 updated
- perl-base-5.26.1-150300.17.20.1 updated
- libxml2-2-2.10.3-150500.5.32.1 updated
- libsqlite3-0-3.50.2-150000.3.33.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libopenssl3-3.1.4-150600.5.39.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated
- krb5-1.20.1-150600.11.14.1 updated
- coreutils-8.32-150400.9.9.1 updated
- pam-1.3.0-150000.6.86.1 updated
- container:sles15-image-15.6.0-47.24.1 updated
More information about the sle-container-updates
mailing list