SUSE-CU-2025:6157-1: Security update of suse/sle-micro/5.3/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Aug 14 07:21:54 UTC 2025 

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6157-1
Container Tags        : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.170 , suse/sle-micro/5.3/toolbox:latest
Container Release     : 6.11.170
Severity              : important
Type                  : security
References            : 1230262 1232526 1233012 1237442 1238491 1239566 1239938 1240788
                        1241549 1243273 1243991 1244032 1244050 1244056 1244059 1244060
                        1244061 1244401 1244705 1247249 831629 CVE-2024-12718 CVE-2025-4138
                        CVE-2025-4330 CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-6069
                        CVE-2025-8194 
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2778-1
Released:    Wed Aug 13 08:45:57 2025
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1233012,1243273,1244032,1244056,1244059,1244060,1244061,1244401,1244705,1247249,831629,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069,CVE-2025-8194
This update for python3 fixes the following issues:

- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
    
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2780-1
Released:    Wed Aug 13 10:28:27 2025
Summary:     Recommended update for gcc14
Type:        recommended
Severity:    moderate
References:  1230262,1232526,1237442,1238491,1239566,1239938,1240788,1241549,1243991,1244050
This update for gcc14 fixes the following issues:

Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799

- Fixed libqt6webengine build.
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
  copy rather than the installed system runtime.  [bsc#1240788]
- Allow GCC executables to be built PIE.  [bsc#1239938]
- Backport -msplit-patch-nops required for user-space livepatching on powerpc.
- Also record -D_FORTIFY_SOURCE=2 in the DWARF debug info DW_AT_producer string.  [bsc#1239566]
- Disable profiling during build when %want_reproducible_builds is set [bsc#1238491]
- Fixes reported ICE in [bsc#1237442]
- Add larchintrin.h, lasxintrin.h and lsxintrin.h
  headers to gccXY main package in %files section
- libstdc++6 fix for parsing tzdata 2024b [gcc#116657]
- Fix ICE with LTO building openvino on aarch64 [bsc#1230262]
- Exclude shared objects present for link editing in the GCC specific
  subdirectory from provides processing via __provides_exclude_from.
  [bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
  variant conflict with the unversioned cross-*-gcc package.


The following package changes have been done:

- libgcc_s1-14.3.0+git11799-150000.1.11.1 updated
- libpython3_6m1_0-3.6.15-150300.10.97.1 updated
- libstdc++6-14.3.0+git11799-150000.1.11.1 updated
- python3-base-3.6.15-150300.10.97.1 updated

More information about the sle-container-updates mailing list