SUSE-SU-2025:20844-1

Vulnerability from csaf_suse - Published: 2025-10-09 14:42 - Updated: 2025-10-09 14:42
Summary
Security update for aaa_base

Notes

Title of the patch
Security update for aaa_base
Description of the patch
This update for aaa_base fixes the following issues:

Update to version 84.87+git20240906.742565b:

  * yama-enable-ptrace: enforce changed behavior upon installation (bsc#1221763)
  * Avoid unnecessary /bin/bash dependency
  * sysctl: Fixup of not setting kernel.pid_max on 32b archs (bsc#1227117)

Update to version 84.87+git20240821.fbabe1d:

  * Add helper service for soft-reboot

Update to version 84.87+git20240809.5d13eb4:

  * cleanup aaa_base.post and fold back into specfile

Update to version 84.87+git20240805.7513b28:

  * Remove obsolete resolv+ manual page
  * Remove obsolete defaultdomain.5 manual page
  * Move /etc/skel to /usr/etc/skel (hermetic-usr)
  * Remove obsolete refresh_initrd
  * Add deprecation notice for service [jsc#PED-266]

Update to version 84.87+git20240801.75f05dd:

  * sysctl: Don't set kernel.pid_max on 32b archs (bsc#1227117)

Update to version 84.87+git20240620.57ee9e1:

  * Remove legacy-actions support [jsc#PED-264]

Update to version 84.87+git20240617.f5ff27f:

  * add /usr/bin/nu to etc/shells for nushell

Update to version 84.87+git20240614.332933e:

  * Do not save/restore cursor for foot at status line
  * Add tmux and others to DIR_COLORS (Issue #116)
  * Remove kernel.pid_max limit (bsc#1219038)
  * Add subpackge to enable ptrace

Update to version 84.87+git20240523.10a5692:

  * Add tmpfiles.d/soft-reboot-cleanup.conf

Update to version 84.87+git20240415.e6815bf:

  * drop obsolete 50-default-s390.conf (bsc#1211721)
  * fix typo in alljava.csh and drop stderr redirection

Update to version 84.87+git20240402.16596d1:

  * add alacritty to DIR_COLORS
  * Make sure tput it present before resetting TERM
  * Add mc helpers for both tcsh and bash resources
  * Do not overwrite escape sequences for xterm like
  * Check for valid TERM

Update to version 84.87+git20240202.9526d46:

  * properly shorten the variable when setting JAVA_HOME and JRE_HOME
  * silence output of alljava
  * Restrict ptrace with Yama LSM by default
  * patch alljava.sh and alljava.csh, use the links from update alternatives

Update to version 84.87+git20231023.f347d36:

  * Remove %ghost lastlog entry, lastlog is long gone
  * Remove shaky safe-rm and safe-rmdir helpers (bsc#1159103)
Patchnames
SUSE-SLE-Micro-6.0-485
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for aaa_base",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for aaa_base fixes the following issues:\n\nUpdate to version 84.87+git20240906.742565b:\n\n  * yama-enable-ptrace: enforce changed behavior upon installation (bsc#1221763)\n  * Avoid unnecessary /bin/bash dependency\n  * sysctl: Fixup of not setting kernel.pid_max on 32b archs (bsc#1227117)\n\nUpdate to version 84.87+git20240821.fbabe1d:\n\n  * Add helper service for soft-reboot\n\nUpdate to version 84.87+git20240809.5d13eb4:\n\n  * cleanup aaa_base.post and fold back into specfile\n\nUpdate to version 84.87+git20240805.7513b28:\n\n  * Remove obsolete resolv+ manual page\n  * Remove obsolete defaultdomain.5 manual page\n  * Move /etc/skel to /usr/etc/skel (hermetic-usr)\n  * Remove obsolete refresh_initrd\n  * Add deprecation notice for service [jsc#PED-266]\n\nUpdate to version 84.87+git20240801.75f05dd:\n\n  * sysctl: Don\u0027t set kernel.pid_max on 32b archs (bsc#1227117)\n\nUpdate to version 84.87+git20240620.57ee9e1:\n\n  * Remove legacy-actions support [jsc#PED-264]\n\nUpdate to version 84.87+git20240617.f5ff27f:\n\n  * add /usr/bin/nu to etc/shells for nushell\n\nUpdate to version 84.87+git20240614.332933e:\n\n  * Do not save/restore cursor for foot at status line\n  * Add tmux and others to DIR_COLORS (Issue #116)\n  * Remove kernel.pid_max limit (bsc#1219038)\n  * Add subpackge to enable ptrace\n\nUpdate to version 84.87+git20240523.10a5692:\n\n  * Add tmpfiles.d/soft-reboot-cleanup.conf\n\nUpdate to version 84.87+git20240415.e6815bf:\n\n  * drop obsolete 50-default-s390.conf (bsc#1211721)\n  * fix typo in alljava.csh and drop stderr redirection\n\nUpdate to version 84.87+git20240402.16596d1:\n\n  * add alacritty to DIR_COLORS\n  * Make sure tput it present before resetting TERM\n  * Add mc helpers for both tcsh and bash resources\n  * Do not overwrite escape sequences for xterm like\n  * Check for valid TERM\n\nUpdate to version 84.87+git20240202.9526d46:\n\n  * properly shorten the variable when setting JAVA_HOME and JRE_HOME\n  * silence output of alljava\n  * Restrict ptrace with Yama LSM by default\n  * patch alljava.sh and alljava.csh, use the links from update alternatives\n\nUpdate to version 84.87+git20231023.f347d36:\n\n  * Remove %ghost lastlog entry, lastlog is long gone\n  * Remove shaky safe-rm and safe-rmdir helpers (bsc#1159103)\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.0-485",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20844-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:20844-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520844-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:20844-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-October/023029.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1159103",
        "url": "https://bugzilla.suse.com/1159103"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1211721",
        "url": "https://bugzilla.suse.com/1211721"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1219038",
        "url": "https://bugzilla.suse.com/1219038"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1221763",
        "url": "https://bugzilla.suse.com/1221763"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1227117",
        "url": "https://bugzilla.suse.com/1227117"
      }
    ],
    "title": "Security update for aaa_base",
    "tracking": {
      "current_release_date": "2025-10-09T14:42:20Z",
      "generator": {
        "date": "2025-10-09T14:42:20Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:20844-1",
      "initial_release_date": "2025-10-09T14:42:20Z",
      "revision_history": [
        {
          "date": "2025-10-09T14:42:20Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "aaa_base-84.87+git20240906.742565b-1.1.aarch64",
                "product": {
                  "name": "aaa_base-84.87+git20240906.742565b-1.1.aarch64",
                  "product_id": "aaa_base-84.87+git20240906.742565b-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "aaa_base-84.87+git20240906.742565b-1.1.s390x",
                "product": {
                  "name": "aaa_base-84.87+git20240906.742565b-1.1.s390x",
                  "product_id": "aaa_base-84.87+git20240906.742565b-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "aaa_base-84.87+git20240906.742565b-1.1.x86_64",
                "product": {
                  "name": "aaa_base-84.87+git20240906.742565b-1.1.x86_64",
                  "product_id": "aaa_base-84.87+git20240906.742565b-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.0",
                "product": {
                  "name": "SUSE Linux Micro 6.0",
                  "product_id": "SUSE Linux Micro 6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aaa_base-84.87+git20240906.742565b-1.1.aarch64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:aaa_base-84.87+git20240906.742565b-1.1.aarch64"
        },
        "product_reference": "aaa_base-84.87+git20240906.742565b-1.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aaa_base-84.87+git20240906.742565b-1.1.s390x as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:aaa_base-84.87+git20240906.742565b-1.1.s390x"
        },
        "product_reference": "aaa_base-84.87+git20240906.742565b-1.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "aaa_base-84.87+git20240906.742565b-1.1.x86_64 as component of SUSE Linux Micro 6.0",
          "product_id": "SUSE Linux Micro 6.0:aaa_base-84.87+git20240906.742565b-1.1.x86_64"
        },
        "product_reference": "aaa_base-84.87+git20240906.742565b-1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.0"
      }
    ]
  }
}

