SUSE-CU-2025:5945-1: Security update of suse/sle15

[sle-container-updates at lists.suse.com]

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5945-1
Container Tags        : bci/bci-base:15.7 , bci/bci-base:15.7-5.8.19 , bci/bci-base:latest , suse/sle15:15.7 , suse/sle15:15.7-5.8.19 , suse/sle15:latest
Container Release     : 5.8.19
Severity              : important
Type                  : security
References            : 1230267 1230959 1231748 1232326 1243279 1243457 1243486 1244042
                        1244710 1245220 1245452 1245496 1245672 1246296 1246428 CVE-2025-7425
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2558-1
Released:    Wed Jul 30 22:14:27 2025
Summary:     Recommended update for libsolv
Type:        recommended
Severity:    moderate
References:  1230267,1243279,1243457,1243486,1244042,1244710,1245220,1245452,1245496,1245672
This update for libsolv fixes the following issues:

- Allow easy migration from SLE Micro 5.5 + SUMA to SL Micro 6.1+MLM
  (bsc#1243457).
- implement color filtering when adding update targets.
- support orderwithrequires dependencies in susedata.xml.
- Fix SEGV in MediaDISK handler (bsc#1245452).
- Fix evaluation of libproxy results (bsc#1244710).
- Enhancements regarding mirror handling during repo refresh. Adapt to libzypp
  API changes (bsc#1230267).
- Explicitly selecting DownloadAsNeeded also selects the
  classic_rpmtrans backend.
- Enhancements with mirror handling during repo refresh, needs zypper 1.14.91.
- Fix autotestcase when ZYPP_FULLLOG=1 (bsc#1244042)  
  There was no testcase written for the very first solver run.
- zypper does not allow distinctions between install and upgrade in
  %postinstall (bsc#1243279).
- Ignore DeltaRpm download errors, in case of a failure the full rpm is
  downloaded (bsc#1245672).
- Improve fix for incorrect filesize handling and download data exceeded errors
  on HTTP responses (bsc#1245220).
- sh: Reset solver options after command (bsc#1245496).
- BuildRequires: Now %{libsolv_devel_package} greater or equal to 0.7.34
  is required (bsc#1243486).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2599-1
Released:    Fri Aug  1 17:35:01 2025
Summary:     Recommended update for openssl-3
Type:        recommended
Severity:    important
References:  1230959,1231748,1232326,1246428
This update for openssl-3 fixes the following issues:

- FIPS: Fix EMS in crypto-policies FIPS:NO-ENFORCE-EMS (bsc#1230959, bsc#1232326, bsc#1231748, bsc#1246428)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2617-1
Released:    Mon Aug  4 09:04:59 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1246296,CVE-2025-7425
This update for libxml2 fixes the following issues:

- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)


The following package changes have been done:

- libopenssl-3-fips-provider-3.2.3-150700.5.15.1 updated
- libopenssl3-3.2.3-150700.5.15.1 updated
- libsolv-tools-base-0.7.34-150600.8.17.2 updated
- libxml2-2-2.12.10-150700.4.6.1 updated
- libzypp-17.37.10-150600.3.74.1 updated
- openssl-3-3.2.3-150700.5.15.1 updated
- zypper-1.14.92-150600.10.46.2 updated