SUSE-CU-2026:112-1: Security update of bci/php
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Jan 6 16:20:25 UTC 2026
SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:112-1
Container Tags : bci/php:8 , bci/php:8.3.23 , bci/php:8.3.23-18.3 , bci/php:latest
Container Release : 18.3
Severity : important
Type : security
References : 1110700 1115640 1156913 1164562 1166510 1166510 1174593 1177858
1178727 1181443 1184358 1185562 1190052 1191987 1194818 1195391
1196093 1196647 1196647 1197024 1197794 1198165 1198176 1198752
1199467 1200800 1201519 1201680 1204844 1205161 1207778 1210004
1211078 1211418 1211419 1213240 1214140 1215377 1216862 1217000
1218475 1219321 1221632 1228770 1230972 1232234 1232234 1243226
1243767 1244509 1246221 1255043 916845 953659 CVE-2013-4235 CVE-2013-4235
CVE-2018-17953 CVE-2021-46828 CVE-2023-22652 CVE-2023-2602 CVE-2023-2603
CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 CVE-2024-10041 CVE-2024-10041
CVE-2024-22365 CVE-2025-5278 CVE-2025-6018 CVE-2025-6020
-----------------------------------------------------------------
The container bci/php was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2569-1
Released: Fri Nov 2 19:00:18 2018
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1110700
This update for pam fixes the following issues:
- Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2018:2825-1
Released: Mon Dec 3 15:35:02 2018
Summary: Security update for pam
Type: security
Severity: important
References: 1115640,CVE-2018-17953
This update for pam fixes the following issue:
Security issue fixed:
- CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:44-1
Released: Tue Jan 8 13:07:32 2019
Summary: Recommended update for acl
Type: recommended
Severity: low
References: 953659
This update for acl fixes the following issues:
- test: Add helper library to fake passwd/group files.
- quote: Escape literal backslashes. (bsc#953659)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:525-1
Released: Fri Feb 28 11:49:36 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1164562
This update for pam fixes the following issues:
- Add libdb as build-time dependency to enable pam_userdb module.
Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:689-1
Released: Fri Mar 13 17:09:01 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1166510
This update for PAM fixes the following issue:
- The license of libdb linked against pam_userdb is not always wanted,
so we temporary disabled pam_userdb again. It will be published
in a different package at a later time. (bsc#1166510)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:917-1
Released: Fri Apr 3 15:02:25 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1166510
This update for pam fixes the following issues:
- Moved pam_userdb into a separate package pam-extra. (bsc#1166510)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2083-1
Released: Thu Jul 30 10:27:59 2020
Summary: Recommended update for diffutils
Type: recommended
Severity: moderate
References: 1156913
This update for diffutils fixes the following issue:
- Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3462-1
Released: Fri Nov 20 13:14:35 2020
Summary: Recommended update for pam and sudo
Type: recommended
Severity: moderate
References: 1174593,1177858,1178727
This update for pam and sudo fixes the following issue:
pam:
- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)
sudo:
- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3620-1
Released: Thu Dec 3 17:03:55 2020
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:
This update for pam fixes the following issues:
- Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720)
- Check whether the password contains a substring of of the user's name of at least `<N>` characters length in
some form. This is enabled by the new parameter `usersubstr=<N>`
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:339-1
Released: Mon Feb 8 13:16:07 2021
Summary: Optional update for pam
Type: optional
Severity: low
References:
This update for pam fixes the following issues:
- Added rpm macros for this package, so that other packages can make use of it
This patch is optional to be installed - it doesn't fix any bugs.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1643-1
Released: Wed May 19 13:51:48 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1181443,1184358,1185562
This update for pam fixes the following issues:
- Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
- Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to
an attempt to resolve it as a hostname (bsc#1184358)
- In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1190052
This update for pam fixes the following issues:
- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1191987
This update for pam fixes the following issues:
- Fixed a bad directive file which resulted in
the 'securetty' file to be installed as 'macros.pam'.
(bsc#1191987)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable.
This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignement (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3910-1
Released: Tue Nov 8 13:05:04 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References:
This update for pam fixes the following issue:
- Update pam_motd to the most current version. (PED-1712)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4135-1
Released: Mon Nov 21 00:13:40 2022
Summary: Recommended update for libeconf
Type: recommended
Severity: moderate
References: 1198165
This update for libeconf fixes the following issues:
- Update to version 0.4.6+git
- econftool:
Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter.
- libeconf:
Parse files correctly on space characters (1198165)
- Update to version 0.4.5+git
- econftool:
New call 'syntax' for checking the configuration files only. Returns an error string with line number if error.
New options '--comment' and '--delimeters'
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467
This update for libtirpc fixes the following issues:
- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:2765-1
Released: Mon Jul 3 20:28:14 2023
Summary: Security update for libcap
Type: security
Severity: moderate
References: 1211418,1211419,CVE-2023-2602,CVE-2023-2603
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2847-1
Released: Mon Jul 17 08:40:42 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1210004
This update for audit fixes the following issues:
- Check for AF_UNIX unnamed sockets (bsc#1210004)
- Enable livepatching on main library on x86_64
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3410-1
Released: Thu Aug 24 06:56:32 2023
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1201519,1204844
This update for audit fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
- Fix rules not loaded when restarting auditd.service (bsc#1204844)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3611-1
Released: Fri Sep 15 09:28:36 2023
Summary: Recommended update for sysuser-tools
Type: recommended
Severity: moderate
References: 1195391,1205161,1207778,1213240,1214140
This update for sysuser-tools fixes the following issues:
- Update to version 3.2
- Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
- Add 'quilt setup' friendly hint to %sysusers_requires usage
- Use append so if a pre file already exists it isn't overridden
- Invoke bash for bash scripts (bsc#1195391)
- Remove all systemd requires not supported on SLE15 (bsc#1214140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3954-1
Released: Tue Oct 3 20:09:47 2023
Summary: Security update for libeconf
Type: security
Severity: important
References: 1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This Update for libtirpc to 1.3.4, fixing the following issues:
Update to 1.3.4 (bsc#1199467)
* binddynport.c honor ip_local_reserved_ports
- replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage
Update to 1.3.3:
* Fix DoS vulnerability in libtirpc
- replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
- replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
- preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
Update to 1.3.2:
* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
Update to 1.3.1:
* Remove AUTH_DES interfaces from auth_des.h
The unsupported AUTH_DES authentication has be
compiled out since commit d918e41d889 (Wed Oct 9 2019)
replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4671-1
Released: Wed Dec 6 14:33:41 2023
Summary: Recommended update for man
Type: recommended
Severity: moderate
References:
This update of man fixes the following problem:
- The 'man' commands is delivered to SUSE Linux Enterprise Micro
to allow browsing man pages.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4723-1
Released: Tue Dec 12 09:57:51 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1216862
This update for libtirpc fixes the following issue:
- fix sed parsing in specfile (bsc#1216862)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:136-1
Released: Thu Jan 18 09:53:47 2024
Summary: Security update for pam
Type: security
Severity: moderate
References: 1217000,1218475,CVE-2024-22365
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:907-1
Released: Fri Mar 15 08:57:38 2024
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1215377
This update for audit fixes the following issue:
- Fix plugin termination when using systemd service units (bsc#1215377)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released: Tue Mar 19 06:36:24 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1219321
This update for coreutils fixes the following issues:
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1665-1
Released: Thu May 16 08:00:09 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1221632
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2630-1
Released: Tue Jul 30 09:12:44 2024
Summary: Security update for shadow
Type: security
Severity: important
References: 916845,CVE-2013-4235
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2808-1
Released: Wed Aug 7 09:49:32 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1228770,CVE-2013-4235
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2967-1
Released: Mon Aug 19 15:41:29 2024
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1194818
This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972
This update for shadow fixes the following issues:
- Add useradd warnings when requested UID is outside the default range (bsc#1230972)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1334-1
Released: Thu Apr 17 09:03:05 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,CVE-2024-10041
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2013-1
Released: Wed Jun 18 20:05:07 2025
Summary: Security update for pam
Type: security
Severity: important
References: 1243226,1244509,CVE-2025-6018,CVE-2025-6020
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2362-1
Released: Fri Jul 18 11:07:24 2025
Summary: Security update for coreutils
Type: security
Severity: moderate
References: 1243767,CVE-2025-5278
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released: Mon Aug 25 10:27:57 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:35-1
Released: Tue Jan 6 09:42:19 2026
Summary: Recommended update for php8
Type: recommended
Severity: moderate
References: 1255043
This update for php8 fixes the following issues:
- main package require wwwrun:www user as it assumes it in filelist (bsc#1255043)
The following package changes have been done:
- libtirpc-netconfig-1.3.4-150300.3.23.1 added
- cracklib-dict-small-2.9.11-150600.1.90 added
- libsemanage-conf-3.5-150600.1.48 added
- libsepol2-3.5-150600.1.49 added
- libattr1-2.4.47-2.19 added
- fillup-1.42-2.18 added
- libeconf0-0.5.2-150400.3.6.1 added
- libcap2-2.63-150400.3.3.1 added
- libaudit1-3.0.6-150400.4.16.1 added
- login_defs-4.8.1-150600.17.9.1 added
- libacl1-2.2.52-4.3.1 added
- libcrack2-2.9.11-150600.1.90 added
- cracklib-2.9.11-150600.1.90 added
- libsemanage2-3.5-150600.1.48 added
- grep-3.11-150700.1.8 added
- coreutils-8.32-150400.9.9.1 added
- diffutils-3.6-4.3.1 added
- permissions-20240826-150700.14.4 added
- libtirpc3-1.3.4-150300.3.23.1 added
- libnsl2-1.2.0-2.44 added
- pam-1.3.0-150000.6.86.1 added
- shadow-4.8.1-150600.17.9.1 added
- sysuser-shadow-3.2-150400.3.5.3 added
- system-user-wwwrun-20170617-150400.24.2.1 added
- php8-cli-8.3.23-150700.3.6.1 updated
- php8-8.3.23-150700.3.6.1 updated
- php8-openssl-8.3.23-150700.3.6.1 updated
- php8-mbstring-8.3.23-150700.3.6.1 updated
- php8-zlib-8.3.23-150700.3.6.1 updated
- php8-readline-8.3.23-150700.3.6.1 updated
- php8-curl-8.3.23-150700.3.6.1 updated
- php8-zip-8.3.23-150700.3.6.1 updated
- php8-phar-8.3.23-150700.3.6.1 updated
- container:registry.suse.com-bci-bci-base-15.7-17d580e01de81ee10782633976ab6983923855d96e8b6342192d8486fa7933cf-0 updated
More information about the sle-container-updates
mailing list