SUSE-CU-2025:7781-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16

sle-container-updates at lists.suse.com
Thu Oct 30 14:16:06 UTC 2025


SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7781-1
Container Tags        : suse/manager/5.0/x86_64/server-migration-14-16:5.0.5.1 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.5.1.7.26.2 , suse/manager/5.0/x86_64/server-migration-14-16:latest
Container Release     : 7.26.2
Severity              : important
Type                  : security
References            : 1221107 1229655 1230262 1232234 1232526 1233012 1237442 1238491
                        1239566 1239938 1240058 1240788 1241549 1243273 1243767 1243991
                        1244032 1244050 1244056 1244059 1244060 1244061 1244401 1244554
                        1244555 1244557 1244590 1244700 1244705 1245573 1246221 1246296
                        1246697 1246965 1247144 1247148 1247249 1248119 1248120 1248122
                        1249584 1250232 831629 CVE-2024-10041 CVE-2024-12718 CVE-2024-2236 CVE-2025-4138
                        CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-49794
                        CVE-2025-49795 CVE-2025-49796 CVE-2025-5278 CVE-2025-59375 CVE-2025-6021
                        CVE-2025-6069 CVE-2025-6170 CVE-2025-6297 CVE-2025-7425 CVE-2025-8058
                        CVE-2025-8194 CVE-2025-8713 CVE-2025-8714 CVE-2025-8715 CVE-2025-9230
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2301-1
Released:    Mon Jul 14 11:48:57 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1229655
This update for cyrus-sasl fixes the following issues:

- Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097).
- Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2314-1
Released:    Tue Jul 15 14:34:08 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1244554,1244555,1244557,1244590,1244700,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170
This update for libxml2 fixes the following issues:

- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2362-1
Released:    Fri Jul 18 11:07:24 2025
Summary:     Security update for coreutils
Type:        security
Severity:    moderate
References:  1243767,CVE-2025-5278
This update for coreutils fixes the following issues:

- CVE-2025-5278: Fixed a heap buffer under-read that may lead to a crash or leak sensitive data (bsc#1243767)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2447-1
Released:    Mon Jul 21 16:45:25 2025
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1221107,CVE-2024-2236
This update for libgcrypt fixes the following issues:

- CVE-2024-2236: Fixed a timing-based side-channel in the RSA implementation. (bsc#1221107)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2714-1
Released:    Wed Aug  6 11:36:56 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  
This update for systemd fixes the following issues:

- triggers.systemd: skip update of hwdb, journal-catalog if executed during
  an offline update.

- systemd-repart is no longer considered experimental (jsc#PED-13213)

- Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released:    Thu Aug  7 05:38:44 2025
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  
This update for crypto-policies fixes the following issues:

- Update the BSI policy (jsc#PED-12880)
    * BSI: switch to 3072 minimum RSA key size
    * BSI: Update BSI policy for new 2024 minimum

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2734-1
Released:    Fri Aug  8 10:05:10 2025
Summary:     Security update for dpkg
Type:        security
Severity:    moderate
References:  1245573,CVE-2025-6297
This update for dpkg fixes the following issues:

- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2758-1
Released:    Tue Aug 12 12:05:22 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1246296,CVE-2025-7425
This update for libxml2 fixes the following issues:

- CVE-2025-7425: Fixed a heap use-after-free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2778-1
Released:    Wed Aug 13 08:45:57 2025
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194
This update for python3 fixes the following issues:

- CVE-2025-4516: Fixed a use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed tarfile extracting filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst-case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed a denial of service caused by tar archives with negative offsets (bsc#1247249)

Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released:    Wed Aug 13 10:28:27 2025
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:

Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799

- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
  copy rather than the installed system runtime.  [bsc#1240788]
- Allow GCC executables to be built PIE.  [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string.  [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixed the ICE reported in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
  headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
  subdirectory from provides processing via __provides_exclude_from.
  [bsc#1244050][bsc#1243991]
- Make the cross-*-gcc14-bootstrap package conflict with the non-bootstrap
  variant and with the unversioned cross-*-gcc package.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2841-1
Released:    Mon Aug 18 13:01:25 2025
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1246697
This update for openssl-1_1 fixes the following issues:

- FIPS: Use the NID_X9_62_prime256v1 curve in ECDSA KAT test
  instead of NID_secp256k1. [bsc#1246697]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2956-1
Released:    Fri Aug 22 08:57:48 2025
Summary:     Recommended update for openssl-3
Type:        recommended
Severity:    moderate
References:  1247144,1247148
This update for openssl-3 fixes the following issues:

- Increased limit for CRL download (bsc#1247148, bsc#1247144)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released:    Fri Aug 22 14:52:39 2025
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:

- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released:    Mon Aug 25 10:27:57 2025
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:

- Improved the previous CVE-2024-10041 fix, which led to CPU performance issues (bsc#1232234)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2986-1
Released:    Tue Aug 26 12:41:07 2025
Summary:     Security update for postgresql17
Type:        security
Severity:    important
References:  1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715
This update for postgresql17 fixes the following issues:

Updated to 17.6:
  * CVE-2025-8713: Fixed optimizer statistics exposing
    sampled data within a view, partition, or child table
    (bsc#1248120)
  * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump that
    allows a superuser of the origin server to execute arbitrary code
    in the psql client (bsc#1248122)
  * CVE-2025-8715: Fixed improper neutralization of newlines
    in pg_dump leading to arbitrary code execution in the psql
    client and in the restore target server (bsc#1248119)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3019-1
Released:    Fri Aug 29 10:31:50 2025
Summary:     Security update for postgresql14
Type:        security
Severity:    important
References:  1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715
This update for postgresql14 fixes the following issues:
Upgrade to 14.19:

- CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120).
- CVE-2025-8714: untrusted data inclusion in `pg_dump` lets superuser of origin server execute arbitrary code in psql
  client (bsc#1248122).
- CVE-2025-8715: improper neutralization of newlines in `pg_dump` allows execution of arbitrary code in psql client and
  in restore target server (bsc#1248119).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3005-1
Released:    Thu Sep 11 12:21:40 2025
Summary:     Security update for postgresql16
Type:        security
Severity:    important
References:  1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715
This update for postgresql16 fixes the following issues:

Upgraded to 16.10:
  * CVE-2025-8713: Fixed optimizer statistics exposing
    sampled data within a view, partition, or child table
    (bsc#1248120)
  * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump that
    allows a superuser of the origin server to execute arbitrary code
    in the psql client (bsc#1248122)
  * CVE-2025-8715: Fixed improper neutralization of newlines
    in pg_dump leading to arbitrary code execution in the psql
    client and in the restore target server (bsc#1248119)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3442-1
Released:    Tue Sep 30 16:54:04 2025
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1250232,CVE-2025-9230
This update for openssl-3 fixes the following issues:

- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
  (bsc#1250232).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3443-1
Released:    Tue Sep 30 16:54:54 2025
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:

- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
  (bsc#1250232).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3624-1
Released:    Thu Oct 16 21:59:19 2025
Summary:     Security update for expat
Type:        security
Severity:    important
References:  1249584,CVE-2025-59375
This update for expat fixes the following issues:

- CVE-2025-59375: Fixed a memory amplification vulnerability that allowed attackers to trigger excessive dynamic memory
  allocations by submitting crafted XML input (bsc#1249584).


The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- glibc-2.38-150600.14.37.1 updated
- libsasl2-3-2.1.28-150600.7.6.2 updated
- libxml2-2-2.10.3-150500.5.32.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libopenssl3-3.1.4-150600.5.39.1 updated
- libgcrypt20-1.10.3-150600.3.9.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.39.1 updated
- coreutils-8.32-150400.9.9.1 updated
- pam-1.3.0-150000.6.86.1 updated
- libexpat1-2.7.1-150400.3.31.1 updated
- update-alternatives-1.19.0.4-150000.4.7.1 updated
- libsystemd0-254.27-150600.4.43.3 updated
- glibc-locale-base-2.38-150600.14.37.1 updated
- libopenssl1_1-1.1.1w-150600.5.18.1 updated
- libpq5-17.6-150600.13.16.1 updated
- glibc-locale-2.38-150600.14.37.1 updated
- libpython3_6m1_0-3.6.15-150300.10.97.1 updated
- python3-base-3.6.15-150300.10.97.1 updated
- postgresql14-14.19-150600.16.20.1 updated
- postgresql16-16.10-150600.16.21.1 updated
- postgresql14-server-14.19-150600.16.20.1 updated
- postgresql16-server-16.10-150600.16.21.1 updated
- postgresql16-contrib-16.10-150600.16.21.1 updated
- postgresql14-contrib-14.19-150600.16.20.1 updated
- container:suse-manager-5.0-init-5.0.5.1-5.0.5.1-7.24.10 added
- container:suse-manager-5.0-init-5.0.5-5.0.5-7.21.12 removed
