SUSE-CU-2025:7777-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd

sle-container-updates at lists.suse.com
Thu Oct 30 14:05:53 UTC 2025


SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7777-1
Container Tags        : suse/manager/5.0/x86_64/proxy-tftpd:5.0.5.1 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.5.1.7.26.1 , suse/manager/5.0/x86_64/proxy-tftpd:latest
Container Release     : 7.26.1
Severity              : important
Type                  : security
References            : 1230262 1232526 1233012 1233012 1233012 1233012 1233012 1233012
                        1237442 1238491 1239566 1239938 1240058 1240788 1241219 1241549
                        1243273 1243767 1243991 1244032 1244050 1244056 1244059 1244060
                        1244061 1244401 1244705 1244925 1245573 1246570 1246597 1246697
                        1246965 1247144 1247148 1247249 1249584 1250232 1250232 831629
                        CVE-2024-12718 CVE-2025-3576 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435
                        CVE-2025-4516 CVE-2025-4517 CVE-2025-50181 CVE-2025-5278 CVE-2025-59375
                        CVE-2025-6069 CVE-2025-6297 CVE-2025-6965 CVE-2025-8058 CVE-2025-8194
                        CVE-2025-9230 CVE-2025-9230 
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2237-1
Released:    Mon Jul  7 14:59:13 2025
Summary:     Recommended update for openssl-3
Type:        recommended
Severity:    moderate
References:  
This update for openssl-3 fixes the following issues:

- Backport mdless cms signing support [jsc#PED-12895]


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2362-1
Released:    Fri Jul 18 11:07:24 2025
Summary:     Security update for coreutils
Type:        security
Severity:    moderate
References:  1243767,CVE-2025-5278
This update for coreutils fixes the following issues:

- CVE-2025-5278: Fixed heap buffer under-read that may lead to a crash or leak of sensitive data (bsc#1243767)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2543-1
Released:    Tue Jul 29 11:09:01 2025
Summary:     Recommended update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3
Type:        recommended
Severity:    moderate
References:  1233012
This update for python-PyYAML, python-bcrypt, python-gssapi, python-pyparsing, python-python-dateutil, python-pytz, python-requests, python-setuptools_scm, python-simplejson, python-urllib3 fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2572-1
Released:    Thu Jul 31 11:11:10 2025
Summary:     Recommended update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp
Type:        recommended
Severity:    moderate
References:  1233012
This update for python-colorama, python-importlib-metadata, python-parameterized, python-pluggy, python-py, python-scp, python-wheel, python-zipp fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2573-1
Released:    Thu Jul 31 11:15:06 2025
Summary:     Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six
Type:        recommended
Severity:    moderate
References:  1233012
This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2574-1
Released:    Thu Jul 31 11:19:37 2025
Summary:     Recommended update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools
Type:        recommended
Severity:    moderate
References:  1233012
This update for python3-PyNaCl, python3-atomicwrites, python3-cryptography, python3-cryptography-vectors, python3-more-itertools, python3-paramiko, python3-pip, python3-pyOpenSSL, python3-pytest, python3-setuptools fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2672-1
Released:    Mon Aug  4 15:06:13 2025
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1246597,CVE-2025-6965
This update for sqlite3 fixes the following issues:

- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
    
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released:    Thu Aug  7 05:38:44 2025
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  
This update for crypto-policies fixes the following issues:

- Update the BSI policy (jsc#PED-12880)
    * BSI: switch to 3072 minimum RSA key size
    * BSI: Update BSI policy for new 2024 minimum

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2734-1
Released:    Fri Aug  8 10:05:10 2025
Summary:     Security update for dpkg
Type:        security
Severity:    moderate
References:  1245573,CVE-2025-6297
This update for dpkg fixes the following issues:

- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2761-1
Released:    Tue Aug 12 14:17:29 2025
Summary:     Recommended update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa
Type:        recommended
Severity:    moderate
References:  1233012
This update for python-appdirs, python-asn1crypto, python-certifi, python-chardet, python-docutils, python-idna, python-iso8601, python-jmespath, python-ply, python-pretend, python-pyasn1, python-pyasn1-modules, python-pycparser, python-rsa fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:2763-1
Released:    Tue Aug 12 14:45:40 2025
Summary:     Optional update for libyaml
Type:        optional
Severity:    moderate
References:  1246570

This update for libyaml ships the missing libyaml-0-2 library package to
SUSE MicroOS 5.1 and 5.2.


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2778-1
Released:    Wed Aug 13 08:45:57 2025
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194
This update for python3 fixes the following issues:

- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed tarfile extracting filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
    
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released:    Wed Aug 13 10:28:27 2025
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:

Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799

- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
  copy rather than the installed system runtime.  [bsc#1240788]
- Allow GCC executables to be built PIE.  [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string.  [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
  headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
  subdirectory from provides processing via __provides_exclude_from.
  [bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
  variant conflict with the unversioned cross-*-gcc package.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2841-1
Released:    Mon Aug 18 13:01:25 2025
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1246697
This update for openssl-1_1 fixes the following issues:

- FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test
  instead of NID_secp256k1. [bsc#1246697]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2956-1
Released:    Fri Aug 22 08:57:48 2025
Summary:     Recommended update for openssl-3
Type:        recommended
Severity:    moderate
References:  1247144,1247148
This update for openssl-3 fixes the following issues:

- Increased limit for CRL download (bsc#1247148, bsc#1247144)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released:    Fri Aug 22 14:52:39 2025
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:

- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2985-1
Released:    Mon Aug 25 15:55:03 2025
Summary:     Security update for python-urllib3
Type:        security
Severity:    moderate
References:  1244925,CVE-2025-50181
This update for python-urllib3 fixes the following issues:

- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3442-1
Released:    Tue Sep 30 16:54:04 2025
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1250232,CVE-2025-9230
This update for openssl-3 fixes the following issues:

- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
  (bsc#1250232).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3443-1
Released:    Tue Sep 30 16:54:54 2025
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:

- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
  (bsc#1250232).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3624-1
Released:    Thu Oct 16 21:59:19 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1249584,CVE-2025-59375
This update for expat fixes the following issues:

- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
  by submitting crafted XML input (bsc#1249584).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3699-1
Released:    Tue Oct 21 12:07:47 2025
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1241219,CVE-2025-3576
This update for krb5 fixes the following issues:

- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
  RC4-HMAC-MD5 (bsc#1241219).

Krb5, as a very old protocol, supported quite a number of ciphers
that are no longer up to current cryptographic standards.

To avoid problems with those, SUSE has now disabled
those algorithms by default.

The following algorithms have been removed from valid krb5 enctypes:

- des3-cbc-sha1
- arcfour-hmac-md5

To re-enable those algorithms, you can use the allow options in krb5.conf:

[libdefaults]
allow_des3 = true
allow_rc4 = true


The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- glibc-2.38-150600.14.37.1 updated
- libsqlite3-0-3.50.2-150000.3.33.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libopenssl3-3.1.4-150600.5.39.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated
- krb5-1.20.1-150600.11.14.1 updated
- coreutils-8.32-150400.9.9.1 updated
- openssl-3-3.1.4-150600.5.39.1 updated
- libexpat1-2.7.1-150400.3.31.1 updated
- libopenssl1_1-1.1.1w-150600.5.18.1 updated
- libyaml-0-2-0.1.7-150000.3.4.1 updated
- update-alternatives-1.19.0.4-150000.4.7.1 updated
- libpython3_6m1_0-3.6.15-150300.10.97.1 updated
- python3-base-3.6.15-150300.10.97.1 updated
- python3-3.6.15-150300.10.97.2 updated
- python3-six-1.14.0-150200.15.1 updated
- python3-pyparsing-2.4.7-150300.3.3.1 updated
- python3-pycparser-2.17-150000.3.5.1 updated
- python3-pyasn1-0.4.2-150000.3.8.1 updated
- python3-iniconfig-1.1.1-150000.1.13.1 updated
- python3-idna-2.6-150000.3.6.1 updated
- python3-chardet-3.0.4-150000.5.6.1 updated
- python3-certifi-2018.1.18-150000.3.6.1 updated
- python3-asn1crypto-0.24.0-150000.3.5.1 updated
- python3-appdirs-1.4.3-150000.3.3.1 updated
- python3-PyYAML-5.4.1-150300.3.6.1 updated
- python3-packaging-21.3-150200.3.6.1 updated
- python3-cffi-1.13.2-150200.3.5.1 updated
- python3-py-1.10.0-150100.5.15.1 updated
- python3-setuptools-44.1.1-150400.9.15.1 updated
- python3-cryptography-3.3.2-150400.26.1 updated
- python3-pyOpenSSL-21.0.0-150400.10.1 updated
- python3-urllib3-1.25.10-150300.4.18.1 updated
- python3-requests-2.25.1-150300.3.18.1 updated
- container:sles15-image-15.6.0-47.24.1 updated

