SUSE-CU-2025:6004-1: Security update of containers/open-webui

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Aug 8 07:07:05 UTC 2025 

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6004-1
Container Tags        : containers/open-webui:0 , containers/open-webui:0.6.9 , containers/open-webui:0.6.9-11.8
Container Release     : 11.8
Severity              : important
Type                  : security
References            : 1244061 1244705 1246232 1246233 1246267 1246299 1247249 CVE-2025-32988
                        CVE-2025-32989 CVE-2025-32990 CVE-2025-4435 CVE-2025-6069 CVE-2025-6395
                        CVE-2025-8194 
-----------------------------------------------------------------

The container containers/open-webui was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2595-1
Released:    Fri Aug  1 17:13:59 2025
Summary:     Security update for gnutls
Type:        security
Severity:    important
References:  1246232,1246233,1246267,1246299,CVE-2025-32988,CVE-2025-32989,CVE-2025-32990,CVE-2025-6395
This update for gnutls fixes the following issues:

- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2714-1
Released:    Wed Aug  6 11:36:56 2025
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  
This update for systemd fixes the following issues:

- triggers.systemd: skip update of hwdb, journal-catalog if executed during
  an offline update.

- systemd-repart is no more considered as experimental (jsc#PED-13213)

- Import commit 130293e510ceb4d121d11823e6ebd4b1e8332ea0 (merge of v254.27)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/278fb676146e35a7b4057f52f34a7bbaf1b82369...130293e510ceb4d121d11823e6ebd4b1e8332ea0

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2717-1
Released:    Wed Aug  6 15:39:46 2025
Summary:     Security update for python311
Type:        security
Severity:    important
References:  1244061,1244705,1247249,CVE-2025-4435,CVE-2025-6069,CVE-2025-8194
This update for python311 fixes the following issues:

- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249).
- CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705).
- CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061).
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2720-1
Released:    Thu Aug  7 05:38:44 2025
Summary:     Recommended update for crypto-policies
Type:        recommended
Severity:    moderate
References:  
This update for crypto-policies fixes the following issues:

- Update the BSI policy (jsc#PED-12880)
    * BSI: switch to 3072 minimum RSA key size
    * BSI: Update BSI policy for new 2024 minimum


The following package changes have been done:

- crypto-policies-20230920.570ea89-150600.3.12.1 updated
- libsqlite3-0-3.50.1-150600.1.1 updated
- libudev1-254.27-150600.4.43.3 updated
- libsystemd0-254.27-150600.4.43.3 updated
- libgnutls30-3.8.3-150600.4.9.1 updated
- libpython3_11-1_0-3.11.13-150600.3.35.1 updated
- python311-base-3.11.13-150600.3.35.1 updated
- python311-3.11.13-150600.3.35.2 updated
- python311-numpy1-1.26.4-150600.1.50 updated
- python311-devel-3.11.13-150600.3.35.1 updated
- python311-certifi-2024.7.4-150600.1.46 updated
- python311-cchardet-2.1.19-150600.1.42 updated
- python311-scipy-1.14.1-150600.1.51 updated
- python311-pandas-2.2.3-150600.1.54 updated
- python311-scikit-learn-1.5.1-150600.1.53 updated
- python311-open-webui-0.6.9-150600.2.19 updated
- container:registry.suse.com-bci-bci-base-15.6-005770759dcf00d155a6a603323da3e031fdf5f080aa25f945a31477a5127659-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-592385970a14eee93496c33b7487ee31b306e6dcc3d2aa7a07be02c120d6bccb-0 added
- libopenssl-3-fips-provider-3.1.4-150600.5.33.1 removed
- patterns-base-fips-20200124-150600.32.6.1 removed

More information about the sle-container-updates mailing list