SUSE-CU-2025:2488-1: Security update of containers/open-webui
sle-container-updates at lists.suse.com
Tue Apr 15 12:03:38 UTC 2025
SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:2488-1
Container Tags : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.30
Container Release : 9.30
Severity : important
Type : security
References : 1219494 1230983 1237374 1239618 CVE-2024-8176
-----------------------------------------------------------------
The container containers/open-webui was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1201-1
Released: Fri Apr 11 12:15:58 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1239618,CVE-2024-8176
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1245-1
Released: Mon Apr 14 13:31:49 2025
Summary: Recommended update for pkg-config
Type: recommended
Severity: moderate
References: 1237374
This update for rsync fixes the following issues:
- Security scan found old glib in pkg-config (bsc#1237374).
- This update for pkg-config changes attribute to the author who actually
makes the change
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1256-1
Released: Mon Apr 14 17:41:38 2025
Summary: Recommended update for ffmpeg-4
Type: recommended
Severity: moderate
References: 1219494,1230983
This update for ffmpeg-4 fixes the following issues:
- Fixed build against dav1d, which has been updated
- No longer build against libmfx; build against libvp (bsc#1230983, bsc#1219494)
- Drop libmfx dependency from our product (jira #PED-10024)
The following package changes have been done:
- libexpat1-2.7.1-150400.3.28.1 updated
- libgeos3_12_2-3.12.2-150600.1.13 updated
- libthrift-0_17_0-0.17.0-150600.1.16 updated
- opencv4-cascades-data-4.11.0-150600.1.8 updated
- pkg-config-0.29.2-150600.15.6.3 updated
- libprotobuf25_5_0-25.5-150600.2.56 updated
- libgeos_c1-3.12.2-150600.1.13 updated
- python311-pymongo-4.6.3-150600.1.15 updated
- python311-psycopg2-2.9.9-150600.1.20 updated
- python311-protobuf-4.25.5-150600.2.56 updated
- python311-propcache-0.2.0-150600.1.5 updated
- python311-primp-0.6.3-150600.1.19 updated
- python311-peewee-3.17.8-150600.1.6 updated
- python311-mmh3-4.1.0-150600.1.17 updated
- python311-greenlet-3.1.0-150600.1.19 updated
- python311-certifi-2024.7.4-150600.1.34 updated
- python311-cchardet-2.1.19-150600.1.29 updated
- python311-PyYAML-6.0.1-150600.1.14 updated
- python311-cffi-1.17.0-150600.1.14 updated
- python311-Pillow-10.4.0-150600.1.16 updated
- python311-yarl-1.18.3-150600.1.5 updated
- python311-SQLAlchemy-2.0.32-150600.1.18 updated
- python311-grpcio-1.69.0-150600.1.6 updated
- libarrow1700-17.0.0-150600.2.22 updated
- libctranslate2-4-4.4.0-150600.1.12 updated
- python311-cryptography-43.0.1-150600.1.21 updated
- python311-aiohttp-3.11.11-150600.1.8 updated
- python311-grpcio-tools-1.68.1-150600.1.8 updated
- libparquet1700-17.0.0-150600.2.22 updated
- libarrow_acero1700-17.0.0-150600.2.22 updated
- python311-ctranslate2-4.4.0-150600.1.14 updated
- python311-numpy1-1.26.4-150600.1.34 updated
- libavutil56_70-4.4.5-150600.13.22.1 updated
- libarrow_flight1700-17.0.0-150600.2.22 updated
- libarrow_dataset1700-17.0.0-150600.2.22 updated
- python311-torch-2.5.0-150600.2.2 updated
- python311-scipy-1.14.1-150600.1.35 updated
- python311-pandas-2.2.3-150600.1.35 updated
- python311-chroma-hnswlib-0.7.6-150600.2.13 updated
- python311-Shapely-2.0.6-150600.1.15 updated
- libswscale5_9-4.4.5-150600.13.22.1 updated
- libswresample3_9-4.4.5-150600.13.22.1 updated
- libpostproc55_9-4.4.5-150600.13.22.1 updated
- libavresample4_0-4.4.5-150600.13.22.1 updated
- python311-pyarrow-17.0.0-150600.2.37 updated
- python311-scikit-learn-1.5.1-150600.1.37 updated
- libavcodec58_134-4.4.5-150600.13.22.1 updated
- libavformat58_76-4.4.5-150600.13.22.1 updated
- libopencv411-4.11.0-150600.1.8 updated
- libavfilter7_110-4.4.5-150600.13.22.1 updated
- libopencv_objdetect411-4.11.0-150600.1.8 updated
- libopencv_imgcodecs411-4.11.0-150600.1.8 updated
- libavdevice58_13-4.4.5-150600.13.22.1 updated
- libopencv_face411-4.11.0-150600.1.8 updated
- libopencv_aruco411-4.11.0-150600.1.8 updated
- libopencv_ximgproc411-4.11.0-150600.1.8 updated
- ffmpeg-4-4.4.5-150600.13.22.1 updated
- libopencv_optflow411-4.11.0-150600.1.8 updated
- libopencv_highgui411-4.11.0-150600.1.8 updated
- libopencv_gapi411-4.11.0-150600.1.8 updated
- libopencv_videoio411-4.11.0-150600.1.8 updated
- python311-opencv-4.11.0-150600.1.8 updated
- python311-open-webui-0.5.14-150600.1.22 updated