SUSE-CU-2025:5844-1: Security update of suse/sle-micro/5.3/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Aug 5 07:18:18 UTC 2025 

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5844-1
Container Tags        : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.167 , suse/sle-micro/5.3/toolbox:latest
Container Release     : 6.11.167
Severity              : important
Type                  : security
References            : 1243935 1246296 1246597 CVE-2025-4598 CVE-2025-6965 CVE-2025-7425
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2620-1
Released:    Mon Aug  4 09:42:43 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1246296,CVE-2025-7425
This update for libxml2 fixes the following issues:

- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2672-1
Released:    Mon Aug  4 15:06:13 2025
Summary:     Security update for sqlite3
Type:        security
Severity:    important
References:  1246597,CVE-2025-6965
This update for sqlite3 fixes the following issues:

- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
    
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2675-1
Released:    Mon Aug  4 15:53:48 2025
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1243935,CVE-2025-4598
This update for systemd fixes the following issues:

- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).


The following package changes have been done:

- libsqlite3-0-3.50.2-150000.3.33.1 updated
- libsystemd0-249.17-150400.8.49.2 updated
- libudev1-249.17-150400.8.49.2 updated
- libxml2-2-2.9.14-150400.5.47.1 updated

More information about the sle-container-updates mailing list