SUSE-CU-2025:5802-1: Security update of bci/spack

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Aug 1 07:18:42 UTC 2025 

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5802-1
Container Tags        : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-14.11 , bci/spack:latest
Container Release     : 14.11
Severity              : moderate
Type                  : security
References            : 1233012 1244270 1244272 1244273 1244279 1244336 CVE-2025-5914
                        CVE-2025-5915 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918 
-----------------------------------------------------------------

The container bci/spack was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2566-1
Released:    Thu Jul 31 09:18:44 2025
Summary:     Security update for libarchive
Type:        security
Severity:    moderate
References:  1244270,1244272,1244273,1244279,1244336,CVE-2025-5914,CVE-2025-5915,CVE-2025-5916,CVE-2025-5917,CVE-2025-5918
This update for libarchive fixes the following issues:

- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2573-1
Released:    Thu Jul 31 11:15:06 2025
Summary:     Recommended update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six
Type:        recommended
Severity:    moderate
References:  1233012
This update for python-Cython, python-attrs, python-boto3, python-botocore, python-cffi, python-decorator, python-packaging, python-s3transfer, python-six fixes the following issues:

- Add python36 provides/obsoletes to enable SLE-12 to SLE-15 migration (bsc#1233012)


The following package changes have been done:

- libarchive13-3.7.2-150600.3.17.1 updated
- python3-cffi-1.13.2-150200.3.5.1 updated

More information about the sle-container-updates mailing list