SUSE-IU-2025:2320-1: Security update of suse/sl-micro/6.0/base-os-container

[sle-container-updates at lists.suse.com]

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2320-1
Image Tags        : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.40 , suse/sl-micro/6.0/base-os-container:latest
Image Release     : 7.40
Severity          : important
Type              : security
References        : 1245309 1245310 1245311 1245312 1245314 1245317 CVE-2025-4877
                        CVE-2025-4878 CVE-2025-5318 CVE-2025-5351 CVE-2025-5372 CVE-2025-5987
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 419
Released:    Thu Aug 14 11:26:49 2025
Summary:     Security update for libssh
Type:        security
Severity:    important
References:  1245309,1245310,1245311,1245312,1245314,1245317,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5351,CVE-2025-5372,CVE-2025-5987
This update for libssh fixes the following issues:

- CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
- CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend (bsc#1245317)
- CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
- CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
- CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
- CVE-2025-5351: Double free in functions exporting keys (bsc#1245312)



The following package changes have been done:

- SL-Micro-release-6.0-25.41 updated
- libssh-config-0.10.6-2.1 updated
- libssh4-0.10.6-2.1 updated
- container:suse-toolbox-image-1.0.0-9.25 updated