SUSE-CU-2025:7793-1: Security update of suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api
sle-container-updates at lists.suse.com
Thu Oct 30 14:24:15 UTC 2025
SUSE Container Update Advisory: suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7793-1
Container Tags : suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.1 , suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:5.1.1.8.7.1 , suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api:latest
Container Release : 8.7.1
Severity : important
Type : security
References : 1221107 1230262 1230959 1231748 1232234 1232326 1232526 1237442
1237595 1238491 1239566 1239618 1239938 1240058 1240788 1241219
1241549 1243991 1244050 1244553 1245573 1246197 1246221 1246428
1246522 1246835 1246934 1246965 1246974 1247144 1247148 1249191
1249348 1249367 1249375 1249584 1250232 1251264 CVE-2024-10041
CVE-2024-2236 CVE-2024-8176 CVE-2025-10148 CVE-2025-3576 CVE-2025-59375
CVE-2025-6297 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086
CVE-2025-9230
-----------------------------------------------------------------
The container suse/multi-linux-manager/5.1/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2599-1
Released: Fri Aug 1 17:35:01 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: important
References: 1230959,1231748,1232326,1246428
This update for openssl-3 fixes the following issues:
- FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2714-1
Released: Wed Aug 6 11:36:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References:
This update for systemd fixes the following issues:
- triggers.systemd: skip update of hwdb, journal-catalog if executed during
an offline update.
- systemd-repart is no longer considered experimental (jsc#PED-13213)
- Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2719-1
Released: Thu Aug 7 05:38:32 2025
Summary: Security update for libgcrypt
Type: security
Severity: moderate
References: 1221107,1246934,CVE-2024-2236
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released: Thu Aug 7 05:38:44 2025
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References:
This update for crypto-policies fixes the following issues:
- Update the BSI policy (jsc#PED-12880)
* BSI: switch to 3072 minimum RSA key size
* BSI: Update BSI policy for new 2024 minimum
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2734-1
Released: Fri Aug 8 10:05:10 2025
Summary: Security update for dpkg
Type: security
Severity: moderate
References: 1245573,CVE-2025-6297
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released: Wed Aug 13 10:28:27 2025
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:
Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Allow GCC executables to be built PIE. [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string. [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fix the ICE reported in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make the cross-*-gcc14-bootstrap package conflict with the non-bootstrap
variant, and make both conflict with the unversioned cross-*-gcc package.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2874-1
Released: Tue Aug 19 06:07:47 2025
Summary: Recommended update for openssl-3
Type: recommended
Severity: important
References: 1247144,1247148
This update for openssl-3 fixes the following issues:
- Increase limit for CRL download (bsc#1247148, bsc#1247144)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released: Fri Aug 22 14:52:39 2025
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:
- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released: Mon Aug 25 10:27:57 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3066-1
Released: Thu Sep 4 08:37:17 2025
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: moderate
References: 1244553,1246835
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable sysstat_collect.timer and sysstat_summary.timer
(bsc#1244553, bsc#1246835).
- Modified default SLE presets.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3228-1
Released: Mon Sep 15 14:51:02 2025
Summary: Recommended update for console-setup, kbd
Type: recommended
Severity: important
References: 1246522
This update for console-setup and kbd fixes the following issues:
console-setup:
- Fix unicode check (bsc#1246522)
kbd:
- Improve error message on unsupported unicode value
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3239-1
Released: Tue Sep 16 19:04:00 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1239618,CVE-2024-8176
This update for expat fixes the following issues:
expat was updated to version 2.7.1:
- Bug fixes:
- Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
- Other changes:
- Fix printf format specifiers for 32bit Emscripten
- docs: Promote OpenSSF Best Practices self-certification
- tests/benchmark: Resolve mistaken double close
- Address compiler warnings
- Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Version update to 2.7.0 (CVE-2024-8176, bsc#1239618, jsc#PED-12507)
* Security fixes:
- CVE-2024-8176 -- Fix crash from chaining a large number of
entities caused by stack overflow by resolving use of recursion,
for all three uses of entities:
- general entities in character data ('<e>&g1;</e>')
- general entities in attribute values ('<e k1='&g1;'/>')
- parameter entities ('%p1;')
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
- docs: Add missing documentation of error code XML_ERROR_NOT_STARTED
that was introduced with 2.6.4
- docs: Document need for C++11 compiler for use from C++
- Address Cppcheck warnings
- Mass-migrate links from http:// to https://
- Document changes since the previous release
- Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released: Thu Sep 18 13:08:10 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in the cookie path comparison logic can lead to an out-of-bounds read of a heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3369-1
Released: Fri Sep 26 12:54:43 2025
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3371-1
Released: Fri Sep 26 13:41:03 2025
Summary: Recommended update for sysconfig
Type: recommended
Severity: important
References: 1237595
This update for sysconfig fixes the following issues:
- Update to version 0.85.10
- codespell run for all repository files and changes file
- spec: define permissions for ghost file attrs to avoid
rpm --restore resets them to 0 (bsc#1237595).
- spec: fix name-repeated-in-summary rpmlint warning
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3508-1
Released: Thu Oct 9 10:32:56 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1249584,CVE-2025-59375
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3546-1
Released: Sat Oct 11 03:21:33 2025
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3596-1
Released: Wed Oct 15 09:51:21 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1251264
This update for curl fixes the following issue:
- Rebuild against a newer nghttp2 to fix handling of two or more whitespace characters in headers (bsc#1251264).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3699-1
Released: Tue Oct 21 12:07:47 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1241219,CVE-2025-3576
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Kerberos 5 is an old protocol and supports a number of ciphers that
are no longer up to current cryptographic standards. To avoid problems
with those, SUSE has now disabled those algorithms by default.
The following algorithms have been removed from the valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To re-enable them, use the corresponding allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
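As an added illustration (not part of the SUSE advisory or of MIT krb5), the following script audits a krb5.conf for the two situations this change creates: an administrator who has set allow_des3 / allow_rc4 to bring the removed enctypes back, and enctype lists (permitted_enctypes, default_tkt_enctypes, default_tgs_enctypes) that still name des3 or RC4 and will no longer negotiate. The sample configuration is constructed; the enctype aliases are the ones documented by MIT krb5.

```python
"""Audit krb5.conf text for the legacy enctypes disabled by this update.

Added example (not from the advisory or MIT krb5). It is a line-based scan,
so it ignores the brace-nested blocks of [realms] and only looks at
key = value lines; trailing '#' and ';' comments are stripped.
"""
import re

# MIT krb5 names and aliases for the two enctype families removed from
# the default valid set (des3-cbc-sha1 and arcfour-hmac-md5).
WEAK_ENCTYPES = {
    "des3-cbc-sha1", "des3-hmac-sha1", "des3-cbc-sha1-kd",
    "arcfour-hmac", "arcfour-hmac-md5", "rc4-hmac",
    "arcfour-hmac-exp", "arcfour-hmac-md5-exp", "rc4-hmac-exp",
}
ENCTYPE_LIST_KEYS = {"permitted_enctypes", "default_tkt_enctypes",
                     "default_tgs_enctypes"}
ALLOW_KEYS = {"allow_des3", "allow_rc4"}
TRUE_VALUES = {"true", "yes", "1", "on"}


def audit_krb5_conf(text):
    """Return a list of (line_number, key, message) findings."""
    findings = []
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        header = re.match(r"^\[([^\]]+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if "=" not in line:
            continue                      # closing braces, stray text
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if section == "libdefaults" and key in ALLOW_KEYS \
                and value.lower() in TRUE_VALUES:
            findings.append((lineno, key,
                             f"re-enables a removed enctype family ({value})"))
        if key in ENCTYPE_LIST_KEYS:
            for enctype in value.split():
                if enctype.lower() in WEAK_ENCTYPES:
                    findings.append((lineno, key,
                                     f"lists removed enctype {enctype}"))
    return findings


# Constructed sample: a config someone "fixed" after the update broke a
# legacy application. Both changes should be flagged.
SAMPLE_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    allow_rc4 = true          # re-added after the update
    permitted_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac-md5
    dns_lookup_kdc = false

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
"""

if __name__ == "__main__":
    for lineno, key, msg in audit_krb5_conf(SAMPLE_CONF):
        print(f"krb5.conf:{lineno}: {key}: {msg}")
```

Run it against /etc/krb5.conf (and any files under /etc/krb5.conf.d/) on the client or server image; an empty result means the configuration neither re-enables the removed enctypes nor depends on them.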
The following package changes have been done:
- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- libssh-config-0.9.8-150600.11.6.1 updated
- glibc-2.38-150600.14.37.1 updated
- libbrotlicommon1-1.0.7-150200.3.5.1 updated
- libbrotlidec1-1.0.7-150200.3.5.1 updated
- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- libudev1-254.27-150600.4.43.3 updated
- libopenssl3-3.2.3-150700.5.21.1 updated
- libgcrypt20-1.11.0-150700.5.7.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.21.1 updated
- krb5-1.20.1-150600.11.14.1 updated
- libssh4-0.9.8-150600.11.6.1 updated
- libcurl4-8.14.1-150700.7.2.1 updated
- pam-1.3.0-150000.6.86.1 updated
- kbd-2.4.0-150700.15.6.1 updated
- libexpat1-2.7.1-150700.3.6.1 updated
- update-alternatives-1.19.0.4-150000.4.7.1 updated
- libsystemd0-254.27-150600.4.43.3 updated
- systemd-presets-branding-SLE-15.1-150600.35.3.1 updated
- systemd-254.27-150600.4.43.3 updated
- sysconfig-0.85.10-150200.15.1 updated
- sysconfig-netconfig-0.85.10-150200.15.1 updated
- container:bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated
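The list above is the verification point for this advisory: a running container is only covered if every listed package is at or above the version-release shown. The following script, an added example that is not part of the SUSE advisory or of rpm, parses that list and compares it with the output of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`. It re-implements rpm's rpmvercmp() segment ordering in Python (including '~' pre-release handling; the '^' separator of newer rpm versions is left out) so it can also run against an exported image filesystem where rpm is not available. The excerpt of the package list is verbatim from above; the "installed" sample is constructed and its release numbers are illustrative only.

```python
"""Compare installed RPMs with the fixed versions listed in this advisory.

Added example (not part of the SUSE advisory or of rpm). rpmvercmp() below
follows rpm's algorithm: split into digit and letter runs, compare digits
numerically and letters lexically, a digit run beats a letter run, and '~'
sorts older than anything, including end of string ('^' is omitted).
"""
import re


def _alnum(c):
    return c.isascii() and c.isalnum()


def rpmvercmp(a, b):
    """Return -1, 0 or 1 for version/release strings a and b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (_alnum(a[i]) or a[i] == "~"):
            i += 1                        # skip separators such as '.', '+'
        while j < len(b) and not (_alnum(b[j]) or b[j] == "~"):
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:                      # '~rc1' is older than the base version
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        isnum = a[i].isdigit()
        pat = r"[0-9]+" if isnum else r"[A-Za-z]+"
        sa = re.match(pat, a[i:]).group(0)
        mb = re.match(pat, b[j:])
        if mb is None:                    # digit run vs letter run: digits win
            return 1 if isnum else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0") or "0", sb.lstrip("0") or "0"
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1       # leftover segments mean newer


def parse_advisory_packages(text):
    """name -> (version, release) from '- name-version-release updated'
    lines; the container: base-image line is not an RPM and is skipped."""
    fixed = {}
    for line in text.splitlines():
        line = line.strip().lstrip("-").strip()
        if not line.endswith(" updated") or line.startswith("container:"):
            continue
        name, version, release = line[: -len(" updated")].rsplit("-", 2)
        fixed[name] = (version, release)
    return fixed


def parse_rpm_qa(text):
    """name -> (version, release) from rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'."""
    installed = {}
    for line in text.splitlines():
        if line.strip():
            name, vr = line.split(None, 1)
            version, release = vr.strip().rsplit("-", 1)
            installed[name] = (version, release)
    return installed


def find_outdated(installed, fixed):
    """{name: (installed_vr, fixed_vr)} for installed packages older than fixed."""
    out = {}
    for name, (fver, frel) in fixed.items():
        if name in installed:
            iver, irel = installed[name]
            if (rpmvercmp(iver, fver) or rpmvercmp(irel, frel)) < 0:
                out[name] = (f"{iver}-{irel}", f"{fver}-{frel}")
    return out


# Verbatim excerpt of the advisory's package list (paste the full list here).
FIXED_PACKAGES = """\
- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- glibc-2.38-150600.14.37.1 updated
- libopenssl3-3.2.3-150700.5.21.1 updated
- krb5-1.20.1-150600.11.14.1 updated
- libexpat1-2.7.1-150700.3.6.1 updated
- container:bci-bci-base-15.7-231a93ad62347ed0484baa9242d06c7c7fc48241452613423a9c25e30102fb8f-0 updated
"""

# Constructed rpm -qa output for a not-yet-rebuilt container (illustrative).
SAMPLE_RPM_QA = """\
crypto-policies 20230920.570ea89-150600.3.12.1
glibc 2.38-150600.14.31.1
libopenssl3 3.2.3-150700.5.18.2
krb5 1.20.1-150600.11.14.1
libexpat1 2.7.1-150700.3.3.1
bash 4.4-150400.27.3.1
"""

if __name__ == "__main__":
    fixed = parse_advisory_packages(FIXED_PACKAGES)
    for name, (have, want) in sorted(find_outdated(parse_rpm_qa(SAMPLE_RPM_QA), fixed).items()):
        print(f"{name}: installed {have} is older than fixed {want}")
```

Feed it `podman run --rm <image> rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` for each running tag; any package reported means that image still carries one of the CVEs listed at the top of this advisory.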