SUSE-CU-2025:5972-1: Security update of containers/open-webui-pipelines
sle-container-updates at lists.suse.com
Thu Aug 7 07:03:30 UTC 2025
SUSE Container Update Advisory: containers/open-webui-pipelines
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5972-1
Container Tags : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250329.151219 , containers/open-webui-pipelines:0.20250329.151219-6.1
Container Release : 6.1
Severity : important
Type : security
References : 1174673 1177864 1181994 1188006 1190858 1196647 1196647 1198176
1198752 1199079 1199467 1200800 1201680 1202868 1206212 1206622
1210617 1214248 1216862 1220356 1226469 1227525 1227547 1234798
1240009 1240343 1240343 CVE-2021-46828 CVE-2023-30608 CVE-2024-37891
CVE-2024-5569
-----------------------------------------------------------------
The container containers/open-webui-pipelines was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2148-1
Released: Thu Aug 6 13:36:17 2020
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1174673
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673)
Removed CAs:
* AddTrust External CA Root
* AddTrust Class 1 CA Root
* LuxTrust Global Root 2
* Staat der Nederlanden Root CA - G2
* Symantec Class 1 Public Primary Certification Authority - G4
* Symantec Class 2 Public Primary Certification Authority - G4
* VeriSign Class 3 Public Primary Certification Authority - G3
Added CAs:
* certSIGN Root CA G2
* e-Szigno Root CA 2017
* Microsoft ECC Root Certificate Authority 2017
* Microsoft RSA Root Certificate Authority 2017
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3157-1
Released: Wed Nov 4 15:37:05 2020
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1177864
This update for ca-certificates-mozilla fixes the following issues:
The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864)
- Removed CAs:
- EE Certification Centre Root CA
- Taiwan GRCA
- Added CAs:
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3274-1
Released: Fri Oct 1 10:34:17 2021
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1190858
This update for ca-certificates-mozilla fixes the following issues:
- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires
September 30th 2021 and openssl certificate chain handling does not
handle this correctly in openssl 1.0.2 and older.
(bsc#1190858)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released: Tue Oct 12 14:30:17 2021
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References:
This update for ca-certificates-mozilla fixes the following issues:
- A new sub-package for minimal base containers (jsc#SLE-22162)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868
This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
- Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Removed:
- Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
- Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
- Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added:
- HARICA Client ECC Root CA 2021
- HARICA Client RSA Root CA 2021
- HARICA TLS ECC Root CA 2021
- HARICA TLS RSA Root CA 2021
- TunTrust Root CA
Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CAs:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467
This update for libtirpc fixes the following issues:
- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3454-1
Released: Mon Aug 28 13:43:18 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1214248
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4310-1
Released: Tue Oct 31 14:10:47 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc to 1.3.4 fixes the following issues:
Update to 1.3.4 (bsc#1199467)
* binddynport.c honor ip_local_reserved_ports
- replaces: binddynport-honor-ip_local_reserved_ports.patch
* gss-api: expose gss major/minor error in authgss_refresh()
* rpcb_clnt.c: Eliminate double frees in delete_cache()
* rpcb_clnt.c: memory leak in destroy_addr
* portmapper: allow TCP-only portmapper
* getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
* clnt_raw.c: fix a possible null pointer dereference
* bindresvport.c: fix a potential resource leakage
Update to 1.3.3:
* Fix DoS vulnerability in libtirpc
- replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
* _rpc_dtablesize: use portable system call
* libtirpc: Fix use-after-free accessing the error number
* Fix potential memory leak of parms.r_addr
- replaces 0001-fix-parms.r_addr-memory-leak.patch
* rpcb_clnt.c add mechanism to try v2 protocol first
- replaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
* Eliminate deadlocks in connects with an MT environment
* clnt_dg_freeres() uncleared set active state may deadlock
* thread safe clnt destruction
* SUNRPC: mutexed access blacklist_read state variable
* SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
Update to 1.3.2:
* Replace the final SunRPC licenses with BSD licenses
* blacklist: Add a few more well known ports
* libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
Update to 1.3.1:
* Remove AUTH_DES interfaces from auth_des.h
The unsupported AUTH_DES authentication has been
compiled out since commit d918e41d889 (Wed Oct 9 2019)
replaced by API routines that return errors.
* svc_dg: Free xp_netid during destroy
* Fix memory management issues of fd locks
* libtirpc: replace array with list for per-fd locks
* __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
* __rpc_dtbsize: rlim_cur instead of rlim_max
* pkg-config: use the correct replacements for libdir/includedir
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4502-1
Released: Tue Nov 21 12:14:58 2023
Summary: Feature update for python3
Type: feature
Severity: low
References:
This feature update for python3 packages adds the following:
- Second batch of new python-3.11 packages (jsc#PED-68)
Updates to previously released python 3.11 packages:
- python-urllib3 to 2.0.7
- python-Sphinx to 7.2.6
- python-pytest to 7.4.2
- python-hypothesis to 6.82.7
- python-sphinxcontrib-serializinghtml to 1.1.9
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:4723-1
Released: Tue Dec 12 09:57:51 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1216862
This update for libtirpc fixes the following issue:
- fix sed parsing in specfile (bsc#1216862)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1637-1
Released: Tue May 14 14:22:14 2024
Summary: Recommended update for google-cloud SDK
Type: recommended
Severity: moderate
References: 1210617,CVE-2023-30608
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- The following 5 binaries obsolete their python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2320-1
Released: Mon Jul 8 13:13:54 2024
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1226469,CVE-2024-37891
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects (bsc#1226469).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2397-1
Released: Thu Jul 11 04:04:33 2024
Summary: Security update for python-zipp
Type: security
Severity: low
References: 1227547,CVE-2024-5569
This update for python-zipp fixes the following issues:
- CVE-2024-5569: Fixed DoS vulnerability when processing a specially crafted zip file (bsc#1227547).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2869-1
Released: Fri Aug 9 15:59:29 2024
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1220356,1227525
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1130-1
Released: Thu Apr 3 15:08:55 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1234798,1240009,1240343
This update for ca-certificates-mozilla fixes the following issues:
Update to 2.74 state of Mozilla SSL root CAs:
- Removed:
* SwissSign Silver CA - G2
- Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798):
- Removed:
* SecureSign RootCA11
* Security Communication RootCA3
- Added:
* TWCA CYBER Root CA
* TWCA Global Root CA G2
* SecureSign Root CA12
* SecureSign Root CA14
* SecureSign Root CA15
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1217-1
Released: Sun Apr 13 12:16:40 2025
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: important
References: 1240343
This update for ca-certificates-mozilla fixes the following issues:
- Reenable the distrusted certs for now, as these only
distrust 'new issued' certs starting after a certain date,
while old certs should still work. (bsc#1240343)
-----------------------------------------------------------------
The following package changes have been done:
- libsqlite3-0-3.50.1-150600.1.1 added
- libtirpc-netconfig-1.3.4-150300.3.23.1 added
- ca-certificates-mozilla-2.74-150200.41.1 added
- libtirpc3-1.3.4-150300.3.23.1 added
- libnsl2-1.2.0-2.44 added
- python311-3.11.13-150600.3.30.1 added
- python311-zipp-3.17.0-150600.3.3.1 added
- python311-wrapt-1.16.0-150600.1.13 added
- python311-idna-3.8-150600.1.13 added
- python311-charset-normalizer-3.3.2-150600.1.13 added
- python311-certifi-2024.7.4-150600.1.44 added
- python311-protobuf-5.29.3-150600.3.2 added
- python311-importlib-metadata-7.1.0-150600.1.13 added
- python311-Deprecated-1.2.14-150400.10.7.2 added
- python311-opentelemetry-exporter-otlp-proto-common-1.33.1-150600.1.1 added
- python311-bcrypt-4.3.0-150600.1.3 added
- python311-requests-2.32.3-150600.1.12 added
- python311-opentelemetry-exporter-otlp-proto-http-1.33.1-150600.1.1 added
- python311-typing_extensions-4.13.0-150600.1.1 added
- python311-pycparser-2.21-150400.12.7.2 added
- python311-cffi-1.17.0-150600.1.15 added
- python311-opentelemetry-proto-1.33.1-150600.1.1 added
- python311-googleapis-common-protos-1.63.2-150600.1.18 added
- python311-opentelemetry-api-1.33.1-150600.1.1 added
- python311-cryptography-43.0.1-150600.1.25 added
- python311-opentelemetry-semantic-conventions-0.54b1-150600.1.1 added
- python311-pyOpenSSL-24.2.1-150600.1.11 added
- python311-opentelemetry-sdk-1.33.1-150600.1.1 added
- python311-urllib3-2.0.7-150400.7.18.1 added
- container:registry.suse.com-bci-bci-micro-15.6-592385970a14eee93496c33b7487ee31b306e6dcc3d2aa7a07be02c120d6bccb-0 updated