SUSE-CU-2025:5876-1: Security update of bci/spack
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Aug 5 07:41:38 UTC 2025
SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5876-1
Container Tags : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.31
Container Release : 11.31
Severity : important
Type : security
References : 1246232 1246233 1246267 1246299 CVE-2025-32988 CVE-2025-32989
CVE-2025-32990 CVE-2025-6395
-----------------------------------------------------------------
The container bci/spack was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2595-1
Released: Fri Aug 1 17:13:59 2025
Summary: Security update for gnutls
Type: security
Severity: important
References: 1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395
This update for gnutls fixes the following issues:
- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
The following package changes have been done:
- libgnutls30-3.8.3-150600.4.9.1 updated
More information about the sle-container-updates
mailing list