SUSE-CU-2025:6678-1: Security update of private-registry/harbor-trivy-adapter

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon Sep 1 09:44:29 UTC 2025 

SUSE Container Update Advisory: private-registry/harbor-trivy-adapter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6678-1
Container Tags        : private-registry/harbor-trivy-adapter:0.33.2 , private-registry/harbor-trivy-adapter:0.33.2-2.36 , private-registry/harbor-trivy-adapter:latest
Container Release     : 2.36
Severity              : important
Type                  : security
References            : 1212476 1216545 1218588 1218664 1232234 1240058 1243197 1245938
                        1245939 1245942 1245943 1245946 1246221 1246965 1247144 1247148
                        CVE-2024-10041 CVE-2025-27613 CVE-2025-27614 CVE-2025-46835 CVE-2025-48384
                        CVE-2025-48385 CVE-2025-8058 
-----------------------------------------------------------------

The container private-registry/harbor-trivy-adapter was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2956-1
Released:    Fri Aug 22 08:57:48 2025
Summary:     Recommended update for openssl-3
Type:        recommended
Severity:    moderate
References:  1247144,1247148
This update for openssl-3 fixes the following issues:

- Increased limit for CRL download (bsc#1247148, bsc#1247144)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released:    Fri Aug 22 14:52:39 2025
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:

- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released:    Mon Aug 25 10:27:57 2025
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:

- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3012-1
Released:    Fri Aug 29 02:07:38 2025
Summary:     security update for git, git-lfs, obs-scm-bridge, python-PyYAML
Type:        security
Severity:    important
References:  1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues:

git was updated from version 2.43.0 to 2.51.0 (bsc#1243197):

- Security issues fixed:

  * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938)
  * CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939)
  * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942)
  * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943)
  * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946)

- Other changes and bugs fixed:
    
- Other changes and bugs fixed:
    
  * Added SHA256 support (bsc#1243197)
  * Git moved to /usr/libexec/git/git and updated AppArmor profile
    accordingly (bsc#1218588)
  * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664)
  * Do not replace apparmor configuration  (bsc#1216545)
  * Fixed the Python version required (bsc#1212476)
    
- Version Updates Release Notes:

  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc

git-lfs is included in version 3.7.0.

python-PyYAML was updated from version 6.0.1 to 6.0.2:

- Added support for Cython 3.x and Python 3.13

obs-scm-bridge was updated from version 0.5.4 to 0.7.4:

- New Features and Improvements:

  * Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs`
    file.
  * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary
    files.
  * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch
    during checkout.
  * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources.
  * SSH URL Support: ssh:// SCM URLs can now be used.
  * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved.
  * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory,
    even when using subdirs.
  * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided.
  * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled.
  * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo.

- Bugs fixed:

  * Syntax Fix: A syntax issue was corrected.
  * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and
    tabs.


The following package changes have been done:

- glibc-2.38-150600.14.37.1 updated
- libopenssl3-3.1.4-150600.5.36.4 updated
- openssl-3-3.1.4-150600.5.36.4 updated
- pam-1.3.0-150000.6.86.1 updated
- git-core-2.51.0-150600.3.12.1 updated
- harbor-scanner-trivy-0.33.2-150600.1.1 updated
- system-user-harbor-2.13.2-150600.2.1 updated
- container:suse-sle15-15.6-0934acc60b392531bf6a68a99f0793b3e01c1027d0968caade3ec95a5cd1b2e6-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-1998c870659774535cf3fcd5f21bf2171bcd511edd7b5515cb3aa1c420e8a441-0 updated

More information about the sle-container-updates mailing list