SUSE-CU-2025:5833-1: Security update of bci/spack

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Aug 2 07:17:23 UTC 2025 

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5833-1
Container Tags        : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-15.1 , bci/spack:latest
Container Release     : 15.1
Severity              : important
Type                  : security
References            : 1230959 1231748 1232326 1246232 1246233 1246267 1246299 1246428
                        CVE-2025-32988 CVE-2025-32989 CVE-2025-32990 CVE-2025-6395 
-----------------------------------------------------------------

The container bci/spack was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2595-1
Released:    Fri Aug  1 17:13:59 2025
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395
This update for gnutls fixes the following issues:

- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2599-1
Released:    Fri Aug  1 17:35:01 2025
Summary:     Recommended update for openssl-3
Type:        recommended
Severity:    important
References:  1230959,1231748,1232326,1246428
This update for openssl-3 fixes the following issues:

- FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428)


The following package changes have been done:

- libgnutls30-3.8.3-150600.4.9.1 updated
- libopenssl-3-devel-3.2.3-150700.5.15.1 updated

More information about the sle-container-updates mailing list