SUSE-SLE-Module-Containers-15-SP7-2025-2289 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker fixes the following issues: Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114): - CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765) - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830). Other fixes: - Update to docker-buildx v0.22.0. - Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035). - Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534) - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905) - SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150). Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-28.2.2_ce-150000.227.1.src.rpm docker-bash-completion-28.2.2_ce-150000.227.1.noarch.rpm docker-rootless-extras-28.2.2_ce-150000.227.1.noarch.rpm docker-stable-24.0.9_ce-150000.1.22.1.src.rpm docker-stable-24.0.9_ce-150000.1.22.1.x86_64.rpm docker-stable-bash-completion-24.0.9_ce-150000.1.22.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1830 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm-mirror fixes the following issues: - CVE-2025-32386: Fixed denial of service due to memory exhaustion after loading a specially crafter chart (bsc#1241028) - CVE-2025-32387: Fixed stack overflow due to parser recursion that can exceed the stack size limit (bsc#1241031) helm-mirror-0.3.1-150000.1.18.2.src.rpm helm-mirror-0.3.1-150000.1.18.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1596 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm fixes the following issues: help was updated to version 3.17.3: Helm v3.17.3 is a security (patch) release. Users are strongly recommended to update to this release. * Changelog - Unarchiving fix e4da497 (Matt Farina) helm-3.17.3-150000.1.47.1.src.rpm helm-3.17.3-150000.1.47.1.x86_64.rpm helm-bash-completion-3.17.3-150000.1.47.1.noarch.rpm helm-zsh-completion-3.17.3-150000.1.47.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1612 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for python-durationpy, python3-kubernetes fixes the following issues: python3-kubernetes was updated from version 26.1.0 to 31.0.0 (jsc#PED-12710, PED-12477): - Key changes in version 31.0.0: - Alignment with significant API changes in Kubernetes. - Enhancements to Dynamic Resource Allocation (DRA) with new API versions and features. - Node improvements like user namespace support and supplemental group policies scheduling performance upgrades. - Changes to API servers include such as atomic updates for Ingress objects and tricter validation of encryption provider configurations. - Kube-proxy now has a "primary" nodeport address option, and several feature gates have graduated or been removed. - Improvements to CustomResourceDefinitions (CRDs), Service CIDR allocation, OCI artifact-based volumes, and logging. - Full list of changes: https://github.com/kubernetes-client/python/blob/v31.0.0/CHANGELOG.md - Key changes in version 29.0.0: - Updates to API versions for scheduling components and priority/fairness mechanism. - Enhanced configuration options for kube-proxy (including a new experimental mode). - Improved handling of authentication and authorization through configuration files. - New capabilities for pod lifecycle management (pre-stop hooks), resource management (image garbage collection), and network configuration, along with more flexible options for pod affinity and anti-affinity rules. - Full list of changes: https://github.com/kubernetes-client/python/blob/v29.0.0/CHANGELOG.md#v2900 - Key changes in version 28.1.0: - API improvements and updates, notably the removal of a deprecated API version for kube-scheduler configurations, requiring migration. - New features were also added, such as sidecar containers for enhanced pod lifecycle management, more granular control over Job retry limits, and improvements to CustomResourceDefinition (CRD) validation. - Updates were also made to pod management, networking, and security, with a general focus on enhancing flexibility, performance, and user experience. - Full list of changes: https://github.com/kubernetes-client/python/blob/v28.1.0/CHANGELOG.md - Key changes in version 27.2.0: - Enhancements to admission control policies, including features for runtime cost calculation and audit annotations. - Networking received updates with a new ClusterIP allocator, and a new API (ClusterTrustBundle) was introduced. - Scheduling was optimized through adjustments to pod affinity, and API interactions were improved with the implementation of streaming for the watch-cache. - Component updates included increased QPS limits for the kubelet. - Changes related to pods involve label updates, mutable resource type and resize policies. - Changes to API server encryption. - Improved logging capabilities. - Deprecations and removals of older features. - Full list of changes: https://github.com/kubernetes-client/python/blob/v27.2.0/CHANGELOG.md python-durationpy-0.9-150400.9.6.2.src.rpm python3-durationpy-0.9-150400.9.6.2.x86_64.rpm python3-kubernetes-31.0.0-150400.21.2.noarch.rpm python3-kubernetes-31.0.0-150400.21.2.src.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1734 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for nvidia-container-runtime fixes the following issues: - disable PIE again, the tool does not start. (bsc#1242429) nvidia-container-runtime-3.5.0-150200.5.9.1.src.rpm nvidia-container-runtime-3.5.0-150200.5.9.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1798 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes-old fixes the following issues: This ships kubernetes-client version 1.30.12. (jsc#PED-11106) * Find the full changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.30.md#v13012 kubernetes-old-1.30.12-150600.13.7.1.src.rpm kubernetes1.30-client-1.30.12-150600.13.7.1.x86_64.rpm kubernetes1.30-client-bash-completion-1.30.12-150600.13.7.1.noarch.rpm kubernetes1.30-client-common-1.30.12-150600.13.7.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1565 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: - CVE-2025-22247: Fixed Insecure file handling (bsc#1243106) Other fixes: - Fixed GCC 15 compile time error (bsc#1241938) - Fix building with containerd 1.7.25+ (bsc#1237147) Full changelog: https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog open-vm-tools-12.5.2-150600.3.12.1.src.rpm open-vm-tools-containerinfo-12.5.2-150600.3.12.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1736 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect fixes the following issues: - Version update v2.5.3 (bsc#1243360): - only handle command line options for the default - parse and ignore the previously removed log-credentials-errors - Restore usage output on unhandled command line options - Switch to go stable and update mod to 1.24.0 - Various golangci-lint v2.1x warnings fixed - Also allow optionally to pass down the system_token - Log everything to stderr - Code formatting - remove unnecessary packaging buildrequires container-suseconnect-2.5.3-150000.4.61.2.src.rpm container-suseconnect-2.5.3-150000.4.61.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2202 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update of nvidia-container-toolkit builds it as non-PIE again to avoid crashes at runtime. (bsc#1242429) nvidia-container-toolkit-1.11.0-150200.5.11.1.src.rpm nvidia-container-toolkit-1.11.0-150200.5.11.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1943 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect fixes the following issues: - Fix the issue with retrieving the repository index file for service 'container-suseconnect-zypp' (bsc#1243960) - Switch to sha256 from md5 - use go's native fips module on tumbleweed container-suseconnect-2.5.4-150000.4.64.1.src.rpm container-suseconnect-2.5.4-150000.4.64.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1947 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes fixes the following issues: kubernetes client version 1.33.1,(jsc#PED-11106) * Find full changelog – https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v1331 kubernetes-1.33.1-150600.13.10.1.src.rpm kubernetes1.33-client-1.33.1-150600.13.10.1.x86_64.rpm kubernetes1.33-client-bash-completion-1.33.1-150600.13.10.1.noarch.rpm kubernetes1.33-client-common-1.33.1-150600.13.10.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-1945 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes-old fixes the following issues: - CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241781) This update to version 1.31.9 (jsc#PED-11105) * Find full changelog https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1319 kubernetes-old-1.31.9-150600.13.10.1.src.rpm kubernetes1.31-client-1.31.9-150600.13.10.1.x86_64.rpm kubernetes1.31-client-bash-completion-1.31.9-150600.13.10.1.noarch.rpm kubernetes1.31-client-common-1.31.9-150600.13.10.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2066 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for distribution fixes the following issues: The package is rebuild with more recent go go1.24, fixing respective security issues (bsc#1244471) distribution-2.8.3-150400.9.27.1.src.rpm distribution-registry-2.8.3-150400.9.27.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2093 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for podman fixes the following issues: - Added patch to remove using rw as a default mount option (bsc#1239776) podman-4.9.5-150500.3.43.2.src.rpm podman-4.9.5-150500.3.43.2.x86_64.rpm podman-docker-4.9.5-150500.3.43.2.noarch.rpm podman-remote-4.9.5-150500.3.43.2.x86_64.rpm podmansh-4.9.5-150500.3.43.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2121 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm fixes the following issues: Update to version 3.18.3: * build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc (dependabot[bot]) * fix: user username password for login 5b9e2f6 (Terry Howe) * Update pkg/registry/transport.go 2782412 (Terry Howe) * Update pkg/registry/transport.go e66cf6a (Terry Howe) * fix: add debug logging to oci transport 191f05c (Terry Howe) Update to version 3.18.2: * fix: legacy docker support broken for login 04cad46 (Terry Howe) * Handle an empty registry config file. bc9f8a2 (Matt Farina) Update to version 3.18.1: * Notes: - This release fixes regressions around template generation and OCI registry interaction in 3.18.0 - There are at least 2 known regressions unaddressed in this release. They are being worked on. - Empty registry configuration files. When the file exists but it is empty. - Login to Docker Hub on some domains fails. * Changelog - fix(client): skipnode utilization for PreCopy - fix(client): layers now returns manifest - remove duplicate from descriptors - fix(client): return nil on non-allowed media types - Prevent fetching newReference again as we have in calling method - Prevent failure when resolving version tags in oras memory store - Update pkg/plugin/plugin.go - Update pkg/plugin/plugin.go - Wait for Helm v4 before raising when platformCommand and Command are set - Fix 3.18.0 regression: registry login with scheme - Revert "fix (helm) : toToml` renders int as float [ backport to v3 ]" Update to version 3.18.0 (bsc#1241802, CVE-2025-22872): * Notable Changes - Add support for JSON Schema 2020 - Enabled cpu and memory profiling - Add hook annotation to output hook logs to client on error * Changelog - build(deps): bump the k8s-io group with 7 updates - fix: govulncheck workflow - bump version to v3.18.0 - fix:add proxy support when mTLS configured - docs: Note about http fallback for OCI registries - Bump net package to avoid CVE on dev-v3 - Bump toml - backport #30677to dev3 - build(deps): bump github.com/rubenv/sql-migrate from 1.7.2 to 1.8.0 - Add install test for TakeOwnership flag - Fix --take-ownership - build(deps): bump github.com/rubenv/sql-migrate from 1.7.1 to 1.7.2 - build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 - build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0 - Testing text bump - Permit more Go version and not only 1.23.8 - Bumps github.com/distribution/distribution/v3 from 3.0.0-rc.3 to 3.0.0 - Unarchiving fix - Fix typo - Report as debug log, the time spent waiting for resources - build(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27 - Update pkg/registry/fallback.go - automatic fallback to http - chore(oci): upgrade to ORAS v2 - Updating to 0.37.0 for x/net - build(deps): bump the k8s-io group with 7 updates - build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 - build(deps): bump github.com/opencontainers/image-spec - build(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.26 - build(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0 - Fix cherry-pick helm.sh/helm/v4 -> helm.sh/helm/v3 - Add HookOutputFunc and generic yaml unmarshaller - clarify fix error message - fix err check - add short circuit return - Add hook annotations to output pod logs to client on success and fail - chore: use []error instead of []string - Update cmd/helm/profiling.go - chore: update profiling doc in CONTRIBUTING.md - Update CONTRIBUTING guide - Prefer environment variables to CLI flags - Move pprof paths to HELM_PPROF env variable - feat: Add flags to enable CPU and memory profiling - build(deps): bump github.com/distribution/distribution/v3 - build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 - Moving to SetOut and SetErr for Cobra - build(deps): bump the k8s-io group with 7 updates - build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 - build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 - build(deps): bump golang.org/x/text from 0.21.0 to 0.22.0 - build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 - build(deps): bump github.com/cyphar/filepath-securejoin - build(deps): bump github.com/evanphx/json-patch - build(deps): bump the k8s-io group with 7 updates - fix: check group for resource info match - Bump github.com/cyphar/filepath-securejoin from 0.3.6 to 0.4.0 - add test for nullifying nested global value - Ensuring the file paths are clean prior to passing to securejoin - Bump github.com/containerd/containerd from 1.7.24 to 1.7.25 - Bump golang.org/x/crypto from 0.31.0 to 0.32.0 - Bump golang.org/x/term from 0.27.0 to 0.28.0 - bump version to v3.17.0 - Bump github.com/moby/term from 0.5.0 to 0.5.2 - Add test case for removing an entire object - Tests for bugfix: Override subcharts with null values #12879 - feat: Added multi-platform plugin hook support to v3 - This commit fixes the issue where the yaml.Unmarshaller converts all int values into float64, this passes in option to decoder, which enables conversion of int into . - merge null child chart objects helm-3.18.3-150000.1.50.1.src.rpm helm-3.18.3-150000.1.50.1.x86_64.rpm helm-bash-completion-3.18.3-150000.1.50.1.noarch.rpm helm-zsh-completion-3.18.3-150000.1.50.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2210 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: - Update to open-vm-tools 13.0.0 based on build 24696409. (bsc#1245169): There are no new features in the open-vm-tools 13.0.0 release. This is primarily a maintenance release that addresses a few issues, including: + The vm-support script has been updated to collect the open-vm-tools log files from the Linux guest and information from the systemd journal. + Github pull requests has been integrated and issues fixed. Please see the Resolved Issues section of the Release Notes. - Add patch: Currently the "telinit 6" command is used to reboot a Linux VM following Guest OS Customization. As the classic Linux init system, SysVinit, is deprecated in favor of a newer init system, systemd, the telinit command may not be available on the base Linux OS. This change adds support to Guest OS Customization for the systemd init system. If the modern init system, systemd, is available, then a "systemctl reboot" command will be used to trigger reboot. Otherwise, the "telinit 6" command will be used assuming the traditional init system, SysVinit, is still available. - Drop patch now contained in 13.0.0: - Ran /usr/lib/obs/service/source_validators/helpers/fix_changelog to fix changes file where source validator was failing. open-vm-tools-13.0.0-150600.3.15.1.src.rpm open-vm-tools-containerinfo-13.0.0-150600.3.15.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2196 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for buildah fixes the following issues: - Fix buildah not relabeling mounted paths and instead relies on the OCI runtime to do this (bsc#1242445) - Rebase patches buildah-1.35.5-150500.3.37.1.src.rpm buildah-1.35.5-150500.3.37.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2453 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect fixes the following issues: - Do not log credentials errors - Switch to the go native fips 140-3 module container-suseconnect-2.5.5-150000.4.67.1.src.rpm container-suseconnect-2.5.5-150000.4.67.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2581 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: Update to version 1.5.2 - Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.5.2 - bsc#1234537 (CVE-2024-45337), bsc#1235303 (CVE-2024-45338), bsc#1244486 - Add LABEL with support level - Drop packages: iptables and lsscsi - Enable aarch64 build (jsc#PED-10545) - Fix missing virtio-gpu packages missing from the aarch64 images (bsc#1237270) - Fix ovmf firmware path for SEV(ES) VMs (bsc#1232762) - Install psmisc (provides killall for tests) kubevirt-1.5.2-150700.3.5.2.src.rpm kubevirt-manifests-1.5.2-150700.3.5.2.x86_64.rpm kubevirt-virtctl-1.5.2-150700.3.5.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2554 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.62.0: Release notes: https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.62.0 Update to version 1.61.0: Release notes: - https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.61.0 - https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.4 - https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.3 - https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.2 - Enable aarch64 build for SLE and mark it as techpreview (jsc#PED-10545) Update to version 1.60.1 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.1 Update to version 1.59.0: - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.59.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.58.1 - Add LABEL with support level - Enable aarch64 build (jsc#PED-10545) containerized-data-importer-1.62.0-150700.9.3.1.src.rpm containerized-data-importer-manifests-1.62.0-150700.9.3.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2914 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker fixes the following issues: - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367) docker-28.3.3_ce-150000.230.1.src.rpm docker-bash-completion-28.3.3_ce-150000.230.1.noarch.rpm docker-rootless-extras-28.3.3_ce-150000.230.1.noarch.rpm docker-zsh-completion-28.3.3_ce-150000.230.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2711 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for nvidia-container-toolkit fixes the following issues: - fix startup by reverting change to PIE mode (bsc#1242429) nvidia-container-toolkit-1.11.0-150200.5.14.1.src.rpm nvidia-container-toolkit-1.11.0-150200.5.14.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2808 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for podman fixes the following issues: - CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320) podman-4.9.5-150500.3.46.1.src.rpm podman-4.9.5-150500.3.46.1.x86_64.rpm podman-docker-4.9.5-150500.3.46.1.noarch.rpm podman-remote-4.9.5-150500.3.46.1.x86_64.rpm podmansh-4.9.5-150500.3.46.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-2889 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect rebuilds it with the last go1.24 security release. container-suseconnect-2.5.5-150000.4.69.1.src.rpm container-suseconnect-2.5.5-150000.4.69.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3048 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for python3-kubernetes fixes the following issues: - Fix the mismatch of requirements for the python3-kubernetes package in SLES15-SP7 (bsc#1247505) python3-kubernetes-31.0.0-150400.24.1.noarch.rpm python3-kubernetes-31.0.0-150400.24.1.src.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3080 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: Update to version 1.6.0: Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.6.0 - Add killall and sysctl packages missing from SP7 base image (bsc#1244621, bsc#1244624) kubevirt-1.6.0-150700.3.8.1.src.rpm kubevirt-manifests-1.6.0-150700.3.8.1.x86_64.rpm kubevirt-virtctl-1.6.0-150700.3.8.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3876 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker fixes the following issues: Update to docker-buildx v0.28.0. See upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.28.0> Update to Docker 28.4.0-ce: See upstream changelog: <https://docs.docker.com/engine/release-notes/28/#2840> - Update warnings and errors related to "docker buildx ..." so that they reference our openSUSE docker-buildx packages. - Enable building docker-buildx for SLE15 systems with SUSEConnect secret injection enabled. PED-12534 PED-8905 bsc#1247594 As docker-buildx does not support our SUSEConnect secret injection (and some users depend "docker build" working transparently), patch the docker CLI so that "docker build" will no longer automatically call "docker buildx build", effectively making DOCKER_BUILDKIT=0 the default configuration. Users can manually use "docker buildx ..." commands or set DOCKER_BUILDKIT=1 in order to opt-in to using docker-buildx. Users can silence the "docker build" warning by setting DOCKER_BUILDKIT=0 explicitly. In order to inject SCC credentials with docker-buildx, users should use RUN --mount=type=secret,id=SCCcredentials zypper -n ... in their Dockerfiles, and docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file . when doing their builds. Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-28.4.0_ce-150000.235.1.src.rpm docker-bash-completion-28.4.0_ce-150000.235.1.noarch.rpm docker-rootless-extras-28.4.0_ce-150000.235.1.noarch.rpm docker-zsh-completion-28.4.0_ce-150000.235.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3265 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update of container-suseconnect rebuilds it against current go1.25. container-suseconnect-2.5.5-150000.4.71.1.src.rpm container-suseconnect-2.5.5-150000.4.71.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3434 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373). open-vm-tools-13.0.0-150600.3.18.1.src.rpm open-vm-tools-containerinfo-13.0.0-150600.3.18.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3800 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for aardvark-dns fixes the following issues: - Fixed resolv.conf parsing issue (bsc#1248744) aardvark-dns-1.12.2-150500.3.12.1.src.rpm aardvark-dns-1.12.2-150500.3.12.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3545 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker-stable fixes the following issues: Note this update contains a already fixed references mostly. - Remove git-core recommends on SLE to avoid pulling it in unnecessary. (bsc#1250508) This feature is mostly intended for developers ("docker build git://") so most users already have the dependency installed, and the error when git is missing is fairly straightforward (so they can easily figure out what they need to install). - Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary information, but our CVE tracking tools do not understand how the package is forked and so it seems that this package does not include fixes for ~12 years of updates. So, include a copy of the original package's changelog up until the fork point. bsc#1250596 - Update to docker-buildx v0.25.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.25.0> - Update to Go 1.23 for building now that upstream has switched their 23.0.x LTSS to use Go 1.23. - Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as Docker does not have permission to access the host zypper credentials in this mode (and unprivileged users cannot disable the feature using /etc/docker/suse-secrets-enable.) bsc#1240150 - Initial docker-stable fork, forked from Docker 24.0.7-ce release (packaged on 2024-02-14). The original changelog is included below for historical reference. docker-stable-24.0.9_ce-150000.1.25.1.src.rpm docker-stable-24.0.9_ce-150000.1.25.1.x86_64.rpm docker-stable-bash-completion-24.0.9_ce-150000.1.25.1.noarch.rpm docker-stable-zsh-completion-24.0.9_ce-150000.1.25.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3782 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for podman fixes the following issues: - CVE-2025-9566: fixed a case when kube play command could overwrite host files (bsc#1249154). podman-4.9.5-150500.3.49.1.src.rpm podman-4.9.5-150500.3.49.1.x86_64.rpm podman-docker-4.9.5-150500.3.49.1.noarch.rpm podman-remote-4.9.5-150500.3.49.1.x86_64.rpm podmansh-4.9.5-150500.3.49.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3535 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: fixed a local privilege escalation vulnerability (bnc#1250373). open-vm-tools-13.0.5-150600.3.21.1.src.rpm open-vm-tools-containerinfo-13.0.5-150600.3.21.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3952 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes fixes the following issues: Added `Recommends: diffutils` to Kubernetes*-client package (bsc#1251168) * This fixes errors like: kubectl kustomize . --enable-helm | kubectl diff -n "$NAMESPACE" -f - error: failed to run "diff": executable file not found in $PATH kubernetes-1.33.1-150600.13.13.1.src.rpm kubernetes1.33-client-1.33.1-150600.13.13.1.x86_64.rpm kubernetes1.33-client-bash-completion-1.33.1-150600.13.13.1.noarch.rpm kubernetes1.33-client-common-1.33.1-150600.13.13.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3953 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes-old fixes the following issues: Added `Recommends: diffutils` to Kubernetes*-client package, bsc#1251168 This fixes errors like: kubectl kustomize . --enable-helm | kubectl diff -n "$NAMESPACE" -f - error: failed to run "diff": executable file not found in $PATH ``` kubernetes-old-1.31.9-150600.13.13.1.src.rpm kubernetes1.31-client-1.31.9-150600.13.13.1.x86_64.rpm kubernetes1.31-client-bash-completion-1.31.9-150600.13.13.1.noarch.rpm kubernetes1.31-client-common-1.31.9-150600.13.13.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3805 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect rebuilds it against the current go1.25 release. container-suseconnect-2.5.5-150000.4.73.1.src.rpm container-suseconnect-2.5.5-150000.4.73.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-3925 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for buildah fixes the following issues: - Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543) buildah-1.35.5-150500.3.40.1.src.rpm buildah-1.35.5-150500.3.40.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4081 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for podman fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376) - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376) - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376) Other fixes: - Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543) podman-4.9.5-150500.3.56.2.src.rpm podman-4.9.5-150500.3.56.2.x86_64.rpm podman-docker-4.9.5-150500.3.56.2.noarch.rpm podman-remote-4.9.5-150500.3.56.2.x86_64.rpm podmansh-4.9.5-150500.3.56.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4076 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for buildah fixes the following issues: - CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1253096) buildah-1.35.5-150500.3.45.1.src.rpm buildah-1.35.5-150500.3.45.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4288 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for containerd fixes the following issues: - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126) - CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132) containerd-1.7.29-150000.128.1.src.rpm containerd-ctr-1.7.29-150000.128.1.x86_64.rpm containerd-devel-1.7.29-150000.128.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4225 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker-stable fixes the following issues: - Enable SELinux in default daemon.json config (--selinux-enabled). This has no practical impact on non-SELinux systems (bsc#1252290). docker-stable-24.0.9_ce-150000.1.30.1.src.rpm docker-stable-24.0.9_ce-150000.1.30.1.x86_64.rpm docker-stable-bash-completion-24.0.9_ce-150000.1.30.1.noarch.rpm docker-stable-zsh-completion-24.0.9_ce-150000.1.30.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4190 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm fixes the following issues: - Update to version 3.19.1 - CVE-2025-53547: Fixed local code execution in Helm Chart. (bsc#1246152) - CVE-2025-58190: Fixed excessive memory consumption by `html.ParseFragment` when processing specially crafted input. (bsc#1251649) - CVE-2025-47911: Fixed various algorithms with quadratic complexity when parsing HTML documents. (bsc#1251442) helm-3.19.1-150000.1.57.1.src.rpm helm-3.19.1-150000.1.57.1.x86_64.rpm helm-bash-completion-3.19.1-150000.1.57.1.noarch.rpm helm-zsh-completion-3.19.1-150000.1.57.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4187 critical SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for nvidia-container-toolkit fixes the following issues: - Update to version 1.18.0: - This is a major release and includes the following high-level changes: - The default mode of the NVIDIA Container Runtime has been updated to make use of a just-in-time-generated CDI specification instead of defaulting to the legacy mode. - Added a systemd unit to generate CDI specifications for available devices automatically. This allows native CDI support in container engines such as Docker and Podman to be used without additional steps. - Security issues fixed: - CVE-2024-0133: Fixed data tampering in host file system via specially crafted container image (bsc#1231032) - CVE-2024-0132: Fixed time-of-check time-of-use (TOCTOU) race condition in default configuration via specifically crafted container image (bsc#1231033) - CVE-2024-0134: Fixed specially-crafted container image can lead to the creation of unauthorized files on the host (bsc#1232855) - CVE-2024-0135: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236496) - CVE-2024-0136: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236497) - CVE-2024-0137: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236498) - CVE-2025-23359: Fixed TOCTOU Vulnerability in NVIDIA Container Toolkit (bsc#1237085) - CVE-2025-23267: Fixed link following can lead to container escape (bsc#1246614) - CVE-2025-23266: Fixed hook initialization might lead to escalation of privileges (bsc#1246860) nvidia-container-toolkit-1.18.0-150200.5.17.1.src.rpm nvidia-container-toolkit-1.18.0-150200.5.17.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4185 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for podman fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542) podman-4.9.5-150500.3.59.1.src.rpm podman-4.9.5-150500.3.59.1.x86_64.rpm podman-docker-4.9.5-150500.3.59.1.noarch.rpm podman-remote-4.9.5-150500.3.59.1.x86_64.rpm podmansh-4.9.5-150500.3.59.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4245 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for buildah fixes the following issues: - CVE-2025-47913: Fixed a bug in the client process termination when receiving an unexpected message type in response to a key listing or signing request. (bsc#1253598) buildah-1.35.5-150500.3.48.1.src.rpm buildah-1.35.5-150500.3.48.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4330 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: Updated kubevirt to version 1.6.3: - CVE-2025-22872: Fixed incorrect interpretation of tags leading content to be placed wrong scope during DOM construction in golang.org/x/net/html (bsc#1241772) - CVE-2025-64432: Fixed bypass of RBAC controls due to incorrect validation of certain fields in the client TLS certificate (bsc#1253181) - CVE-2025-64433: Fixed arbitrary files read via improper symlink handling (bsc#1253185) - CVE-2025-64434: Fixed privilege escalation via virt-api impersonification due to compromise virt-handler instance (bsc#1253186) - CVE-2025-64437: Fixed mishandling of symlinks (bsc#1253194) - CVE-2025-64324: Fixed a logic bug that allows an attacker to read and write arbitrary files owned by more privileged users (bsc#1253748) kubevirt-1.6.3-150700.3.13.1.src.rpm kubevirt-manifests-1.6.3-150700.3.13.1.x86_64.rpm kubevirt-virtctl-1.6.3-150700.3.13.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4312 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker fixes the following issues: - Enable SELinux in default daemon.json config (--selinux-enabled). This has no practical impact on non-SELinux systems. bsc#1252290 - Update to Docker 28.5.1-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2851> - Update to Docker 28.5.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2850> - Update to docker-buildx v0.29.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.29.0> - Remove git-core recommends also on openSUSE: the below argument is valid for those users too. - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up installing git with Docker. bsc#1250508 This feature is mostly intended for developers ("docker build git://") so most users already have the dependency installed, and the error when git is missing is fairly straightforward (so they can easily figure out what they need to install). docker-28.5.1_ce-150000.238.1.src.rpm docker-bash-completion-28.5.1_ce-150000.238.1.noarch.rpm docker-rootless-extras-28.5.1_ce-150000.238.1.noarch.rpm docker-zsh-completion-28.5.1_ce-150000.238.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4328 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker-stable fixes the following issues: - Fix incorrect permissions for overlayfs lowerdir (bsc#1254206). In practice the permissions of this directory are immaterial but some security scanners falsely flag this as an issue. docker-stable-24.0.9_ce-150000.1.33.1.src.rpm docker-stable-24.0.9_ce-150000.1.33.1.x86_64.rpm docker-stable-bash-completion-24.0.9_ce-150000.1.33.1.noarch.rpm docker-stable-zsh-completion-24.0.9_ce-150000.1.33.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4381 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes client rebuilds it against current the go release to fix bugs and security issues in the go stdlib. kubernetes-1.33.1-150600.13.15.2.src.rpm kubernetes1.33-client-1.33.1-150600.13.15.2.x86_64.rpm kubernetes1.33-client-bash-completion-1.33.1-150600.13.15.2.noarch.rpm kubernetes1.33-client-common-1.33.1-150600.13.15.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4380 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes client rebuilds it against current the go release to fix bugs and security issues in the go stdlib. kubernetes-old-1.31.9-150600.13.15.2.src.rpm kubernetes1.31-client-1.31.9-150600.13.15.2.x86_64.rpm kubernetes1.31-client-bash-completion-1.31.9-150600.13.15.2.noarch.rpm kubernetes1.31-client-common-1.31.9-150600.13.15.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4373 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect rebuilds it against current go security release. container-suseconnect-2.5.5-150000.4.75.1.src.rpm container-suseconnect-2.5.5-150000.4.75.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4421 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for buildah rebuilds it against the current security release of GO. buildah-1.35.5-150500.3.50.1.src.rpm buildah-1.35.5-150500.3.50.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4437 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm rebuilds it against current GO to fix security issues in go-stdlib. helm-3.19.1-150000.1.59.1.src.rpm helm-3.19.1-150000.1.59.1.x86_64.rpm helm-bash-completion-3.19.1-150000.1.59.1.noarch.rpm helm-zsh-completion-3.19.1-150000.1.59.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4510 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes fixes the following issues: - Update to version 1.35.0: initial package for Kubernetes v1.35.0 * Full changelog - https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.35.md#v1350 kubernetes-1.35.0-150600.13.18.1.src.rpm kubernetes1.35-client-1.35.0-150600.13.18.1.x86_64.rpm kubernetes1.35-client-bash-completion-1.35.0-150600.13.18.1.noarch.rpm kubernetes1.35-client-common-1.35.0-150600.13.18.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2025-4509 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes-old fixes the following issues: Initial package for Kubernetes v1.33.7 * Full changelog - https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.33.md#v1337 kubernetes-old-1.33.7-150600.13.18.1.src.rpm kubernetes1.33-client-1.33.7-150600.13.18.1.x86_64.rpm kubernetes1.33-client-bash-completion-1.33.7-150600.13.18.1.noarch.rpm kubernetes1.33-client-common-1.33.7-150600.13.18.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-67 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for podman fixes the following issues: - CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an out-of-bounds read with non validated message size (bsc#1253993) podman-4.9.5-150500.3.62.2.src.rpm podman-4.9.5-150500.3.62.2.x86_64.rpm podman-docker-4.9.5-150500.3.62.2.noarch.rpm podman-remote-4.9.5-150500.3.62.2.x86_64.rpm podmansh-4.9.5-150500.3.62.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-14 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed out of bounds read caused by non validated message size (bsc#1254054) - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253598) buildah-1.35.5-150500.3.53.1.src.rpm buildah-1.35.5-150500.3.53.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-75 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes-old fixes the following issues: - bump `diffutils` as `Requires` in the Kubernetes*-client package (bsc#1251168) * Adding as `Recommends` did not work - recommends do not actually get respected in container builds, as container builds are configured to install with packages marked as required. kubernetes-old-1.33.7-150600.13.21.1.src.rpm kubernetes1.33-client-1.33.7-150600.13.21.1.x86_64.rpm kubernetes1.33-client-bash-completion-1.33.7-150600.13.21.1.noarch.rpm kubernetes1.33-client-common-1.33.7-150600.13.21.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-74 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes fixes the following issues: - bump `diffutils` as `Requires` in the Kubernetes*-client package (bsc#1251168) * Adding as `Recommends` didn't work - recommends do not actually get respected in container builds, as container builds are configured to install with packages marked as required. kubernetes-1.35.0-150600.13.21.1.src.rpm kubernetes1.35-client-1.35.0-150600.13.21.1.x86_64.rpm kubernetes1.35-client-bash-completion-1.35.0-150600.13.21.1.noarch.rpm kubernetes1.35-client-common-1.35.0-150600.13.21.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-446 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for podman fixes the following issues: - Add symlink to catatonit in /usr/libexec/podman (bsc#1248988) podman-4.9.5-150500.3.65.1.src.rpm podman-4.9.5-150500.3.65.1.x86_64.rpm podman-docker-4.9.5-150500.3.65.1.noarch.rpm podman-remote-4.9.5-150500.3.65.1.x86_64.rpm podmansh-4.9.5-150500.3.65.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-319 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect rebuilds it against the current GO security release. container-suseconnect-2.5.5-150000.4.77.1.src.rpm container-suseconnect-2.5.5-150000.4.77.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-326 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm rebuilds it against the current GO security release. helm-3.19.1-150000.1.62.1.src.rpm helm-3.19.1-150000.1.62.1.x86_64.rpm helm-bash-completion-3.19.1-150000.1.62.1.noarch.rpm helm-zsh-completion-3.19.1-150000.1.62.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-325 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes rebuilds it against the current GO security release. kubernetes-1.35.0-150600.13.23.1.src.rpm kubernetes1.35-client-1.35.0-150600.13.23.1.x86_64.rpm kubernetes1.35-client-bash-completion-1.35.0-150600.13.23.1.noarch.rpm kubernetes1.35-client-common-1.35.0-150600.13.23.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-399 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes-old rebuilds it against the current GO security release. kubernetes-old-1.33.7-150600.13.23.1.src.rpm kubernetes1.33-client-1.33.7-150600.13.23.1.x86_64.rpm kubernetes1.33-client-bash-completion-1.33.7-150600.13.23.1.noarch.rpm kubernetes1.33-client-common-1.33.7-150600.13.23.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-428 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: - update to 13.0.10 based on build 25056151: (bsc#1257357): * There are no new features in the open-vm-tools 13.0.10 release. * This is primarily a maintenance release that addresses a fix. * A minor enhancement has been made for Guest OS Customization. * The DeployPkg plugin has been updated to handle a new cloud-init error code that signals a recoverable error and allow cloud-init to finish running. open-vm-tools-13.0.10-150600.3.24.1.src.rpm open-vm-tools-containerinfo-13.0.10-150600.3.24.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-479 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container, virt-synchronization-controller-container fixes the following issues: Update to version 1.7.0. (bsc#1257128) Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.7.0 - CVE-2025-64435: Fixes logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS (bsc#1253189 ) - CVE-2024-45310: Fixes kubevirt vendored github.com/opencontainers/runc/libcontainer/utils: runc can be tricked into creating empty files/directories on host bsc#1257422 - Upstream now uses stateless firmware for CoCo VMs. kubevirt-1.7.0-150700.3.16.2.src.rpm kubevirt-manifests-1.7.0-150700.3.16.2.x86_64.rpm kubevirt-virtctl-1.7.0-150700.3.16.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-571 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.64.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.64.0 Also cdi was rebuilt against the recent GO release. containerized-data-importer-1.64.0-150700.9.6.1.src.rpm containerized-data-importer-manifests-1.64.0-150700.9.6.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-493 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect fixes the following issues: Update to version 2.5.6:: * Change the version logic * Fix FIPS environment variable in CI * Test in fips mode container-suseconnect-2.5.6-150000.4.80.2.src.rpm container-suseconnect-2.5.6-150000.4.80.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-558 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for libnvidia-container fixes the following issues: Update to version 1.18.0. Security issues fixed: - CVE-2024-0132: time-of-check time-of-use (TOCTOU) race condition in default configuration via specifically crafted container image (bsc#1231033). - CVE-2024-0133: data tampering in host file system via specially crafted container image (bsc#1231032). Other updates and bugfixes: - updated to 1.18.0 - Add clock_gettime to allowed syscalls - Fix pointer accessing local variable out of scope - Require version match between libnvidia-container-tools and libnvidia-container1 - Add libnvidia-gpucomp.so to the list of compute libs - Use VERSION_ prefix for version parts in makefiles - Add additional logging - Do not discard container flags when --cuda-compat-mode is not specified - Remove unneeded --no-cntlibs argument from list command - Add cuda-compat-mode flag to configure command - Skip files when user has insufficient permissions - Fix building with Go 1.24 - Add no-cntlibs CLI option to nvidia-container-cli - Fix always using fallback - Add fallback for systems without memfd_create() - Create virtual copy of host ldconfig binary before calling fexecve() - Fix some typos in text. - update nvidia modprobe to expected 550.54.14. - remove services libnvidia-container-1.18.0-150200.5.9.1.src.rpm libnvidia-container-devel-1.18.0-150200.5.9.1.x86_64.rpm libnvidia-container-static-1.18.0-150200.5.9.1.x86_64.rpm libnvidia-container-tools-1.18.0-150200.5.9.1.x86_64.rpm libnvidia-container1-1.18.0-150200.5.9.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-572 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes rebuilds it against the current GO security release. kubernetes-1.35.0-150600.13.25.1.src.rpm kubernetes1.35-client-1.35.0-150600.13.25.1.x86_64.rpm kubernetes1.35-client-bash-completion-1.35.0-150600.13.25.1.noarch.rpm kubernetes1.35-client-common-1.35.0-150600.13.25.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-573 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes-old rebuilds it against the current GO security release. kubernetes-old-1.33.7-150600.13.25.1.src.rpm kubernetes1.33-client-1.33.7-150600.13.25.1.x86_64.rpm kubernetes1.33-client-bash-completion-1.33.7-150600.13.25.1.noarch.rpm kubernetes1.33-client-common-1.33.7-150600.13.25.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-480 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm rebuilds it against the current GO security release. helm-3.19.1-150000.1.64.1.src.rpm helm-3.19.1-150000.1.64.1.x86_64.rpm helm-bash-completion-3.19.1-150000.1.64.1.noarch.rpm helm-zsh-completion-3.19.1-150000.1.64.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-659 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker-stable fixes the following issues: - CVE-2025-30204: Fixed a vulnerability in jwt-go which allowed excessive memory allocation during header parsing. (bsc#1240513) Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-stable-24.0.9_ce-150000.1.36.1.src.rpm docker-stable-24.0.9_ce-150000.1.36.1.x86_64.rpm docker-stable-bash-completion-24.0.9_ce-150000.1.36.1.noarch.rpm docker-stable-zsh-completion-24.0.9_ce-150000.1.36.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-666 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker fixes the following issues: - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253904) Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-28.5.1_ce-150000.241.2.src.rpm docker-bash-completion-28.5.1_ce-150000.241.2.noarch.rpm docker-rootless-extras-28.5.1_ce-150000.241.2.noarch.rpm docker-zsh-completion-28.5.1_ce-150000.241.2.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-909 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect rebuilds it against the current go 1.25 security release. container-suseconnect-2.5.6-150000.4.82.1.src.rpm container-suseconnect-2.5.6-150000.4.82.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-948 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm rebuilds it against the current go 1.25 security release. helm-3.19.1-150000.1.66.1.src.rpm helm-3.19.1-150000.1.66.1.x86_64.rpm helm-bash-completion-3.19.1-150000.1.66.1.noarch.rpm helm-zsh-completion-3.19.1-150000.1.66.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-917 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes rebuilds it against the current go 1.25 security release. kubernetes-1.35.0-150600.13.27.1.src.rpm kubernetes1.35-client-1.35.0-150600.13.27.1.x86_64.rpm kubernetes1.35-client-bash-completion-1.35.0-150600.13.27.1.noarch.rpm kubernetes1.35-client-common-1.35.0-150600.13.27.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1105 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for containerd rebuilds it against the current go 1.25 security release. containerd-1.7.29-150000.130.1.src.rpm containerd-ctr-1.7.29-150000.130.1.x86_64.rpm containerd-devel-1.7.29-150000.130.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-950 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker rebuilds it against the current go 1.25 security release. docker-28.5.1_ce-150000.243.1.src.rpm docker-bash-completion-28.5.1_ce-150000.243.1.noarch.rpm docker-rootless-extras-28.5.1_ce-150000.243.1.noarch.rpm docker-zsh-completion-28.5.1_ce-150000.243.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-972 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker-stable fixes the following issues: - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (bsc#1253904). Updating docker will restart the docker service, which may stop your docker containers. Do you want to proceed with the update? docker-stable-24.0.9_ce-150000.1.39.1.src.rpm docker-stable-24.0.9_ce-150000.1.39.1.x86_64.rpm docker-stable-bash-completion-24.0.9_ce-150000.1.39.1.noarch.rpm docker-stable-zsh-completion-24.0.9_ce-150000.1.39.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1483 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm fixes the following issues: - CVE-2025-55199: crafted JSON Schema can lead to out of memory (OOM) termination (bsc#1248093). - CVE-2026-35206: files written to unexpected directory via specially crafted Chart(bsc#1261938). Changes for helm: - Update to version 3.20.2 helm-3.20.2-150000.1.71.2.src.rpm helm-3.20.2-150000.1.71.2.x86_64.rpm helm-bash-completion-3.20.2-150000.1.71.2.noarch.rpm helm-zsh-completion-3.20.2-150000.1.71.2.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1484 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect rebuilds it against the current go 1.25 security release. container-suseconnect-2.5.6-150000.4.84.1.src.rpm container-suseconnect-2.5.6-150000.4.84.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1490 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes rebuilds it against the current go 1.25 security release. kubernetes-1.35.0-150600.13.29.1.src.rpm kubernetes1.35-client-1.35.0-150600.13.29.1.x86_64.rpm kubernetes1.35-client-bash-completion-1.35.0-150600.13.29.1.noarch.rpm kubernetes1.35-client-common-1.35.0-150600.13.29.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1489 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubernetes-old rebuilds it against the current go 1.25 security release. kubernetes-old-1.33.7-150600.13.27.1.src.rpm kubernetes1.33-client-1.33.7-150600.13.27.1.x86_64.rpm kubernetes1.33-client-bash-completion-1.33.7-150600.13.27.1.noarch.rpm kubernetes1.33-client-common-1.33.7-150600.13.27.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1540 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for podman rebuilds it against the current go 1.25 security release. podman-4.9.5-150500.3.67.1.src.rpm podman-4.9.5-150500.3.67.1.x86_64.rpm podman-docker-4.9.5-150500.3.67.1.noarch.rpm podman-remote-4.9.5-150500.3.67.1.x86_64.rpm podmansh-4.9.5-150500.3.67.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1495 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for containerd rebuilds it against the current go 1.25 security release. containerd-1.7.29-150000.132.1.src.rpm containerd-ctr-1.7.29-150000.132.1.x86_64.rpm containerd-devel-1.7.29-150000.132.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1494 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for rootlesskit rebuilds it against the current go 1.25 security release. rootlesskit-1.1.1-150600.3.2.2.src.rpm rootlesskit-1.1.1-150600.3.2.2.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1492 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker rebuilds it against the current go 1.25 security release. Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update? docker-28.5.1_ce-150000.245.2.src.rpm docker-bash-completion-28.5.1_ce-150000.245.2.noarch.rpm docker-rootless-extras-28.5.1_ce-150000.245.2.noarch.rpm docker-zsh-completion-28.5.1_ce-150000.245.2.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1491 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for buildah rebuilds it against the current go 1.25 security release. buildah-1.35.5-150500.3.55.1.src.rpm buildah-1.35.5-150500.3.55.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-1752 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for distribution fixes the following issues: - rebuild with go 1.26 (bsc#1259718) distribution-2.8.3-150400.9.30.1.src.rpm distribution-registry-2.8.3-150400.9.30.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2042 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for container-suseconnect rebuilds it against the current go security release. container-suseconnect-2.5.6-150000.4.86.1.src.rpm container-suseconnect-2.5.6-150000.4.86.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2049 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for helm fixes the following issues Security issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265758). - CVE-2026-41888: github.com/distribution/distribution/v3: tag deletion bypasses the storage.delete.enabled configuration (bsc#1265428). Non security issue: - Fix packages for %suse_version bump (jsc#PED-15794). - Update to version 3.21.0 helm-3.21.0-150000.1.75.1.src.rpm helm-3.21.0-150000.1.75.1.x86_64.rpm helm-bash-completion-3.21.0-150000.1.75.1.noarch.rpm helm-zsh-completion-3.21.0-150000.1.75.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2082 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for podman rebuilds it against the current go security release. podman-4.9.5-150500.3.69.1.src.rpm podman-4.9.5-150500.3.69.1.x86_64.rpm podman-docker-4.9.5-150500.3.69.1.noarch.rpm podman-remote-4.9.5-150500.3.69.1.x86_64.rpm podmansh-4.9.5-150500.3.69.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2044 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for rootlesskit rebuilds it against the current go security release. rootlesskit-1.1.1-150600.3.4.1.src.rpm rootlesskit-1.1.1-150600.3.4.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2033 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker rebuilds it against the current go security release. docker-28.5.1_ce-150000.247.1.src.rpm docker-bash-completion-28.5.1_ce-150000.247.1.noarch.rpm docker-rootless-extras-28.5.1_ce-150000.247.1.noarch.rpm docker-zsh-completion-28.5.1_ce-150000.247.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2030 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for buildah rebuilds it against the current go security release. buildah-1.35.5-150500.3.57.1.src.rpm buildah-1.35.5-150500.3.57.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2032 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for distribution rebuilds it against the current go security release. distribution-2.8.3-150400.9.32.1.src.rpm distribution-registry-2.8.3-150400.9.32.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2120 important SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory (bsc#1260967). - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of Git URL fragment subdir components may allow access to files outside the checked-out Git repository (bsc#1261078). Updating docker will restart the docker service, which may stop your docker containers. Do you want to proceed with the update? docker-stable-24.0.9_ce-150000.1.42.1.src.rpm docker-stable-24.0.9_ce-150000.1.42.1.x86_64.rpm docker-stable-bash-completion-24.0.9_ce-150000.1.42.1.noarch.rpm docker-stable-zsh-completion-24.0.9_ce-150000.1.42.1.noarch.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2077 critical SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for kubevirt fixes the following issue: CVE-2026-7374: Fixed privilege escalation and node compromise via symlink following vulnerability (bsc#1265467) kubevirt-1.7.0-150700.3.21.1.src.rpm kubevirt-manifests-1.7.0-150700.3.21.1.x86_64.rpm kubevirt-virtctl-1.7.0-150700.3.21.1.x86_64.rpm SUSE-SLE-Module-Containers-15-SP7-2026-2088 moderate SUSE Updates SLE-Module-Containers 15-SP7 x86 64 This update for open-vm-tools fixes the following issues: - Update to 13.1.0 release based on build 25218885 (bsc#1265304): * Support for GNOME Toolkit version 4 * New release of the Salt-Minion integration script * Fallback to ignore systemd inhibitors during guest poweroff / reboot * Fix: vmware-vgauth-smoketest: no VGAuthLib.vmsg file * Fix: Inline comment breaks "disable_vmware_customization" check * For a more complete description of what is new in this release: https://github.com/vmware/open-vm-tools/blob/stable-13.1.0/ReleaseNotes.md#whatsnew https://github.com/vmware/open-vm-tools/blob/stable-13.1.0/ReleaseNotes.md#resolved-issues - Fix build with glibc 2.43 (bsc#1257312) open-vm-tools-13.1.0-150600.3.27.1.src.rpm open-vm-tools-containerinfo-13.1.0-150600.3.27.1.x86_64.rpm