SUSE-IU-2025:2355-1: Security update of suse/sl-micro/6.0/base-os-container

[sle-container-updates at lists.suse.com]

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:2355-1
Image Tags        : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.42 , suse/sl-micro/6.0/base-os-container:latest
Image Release     : 7.42
Severity          : important
Type              : security
References        : 1244554 1244555 1244557 1244580 1244700 1246296 CVE-2025-49794
                        CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170 CVE-2025-7425
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 429
Released:    Thu Aug 21 10:01:26 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1244554,1244555,1244557,1244580,1244700,1246296,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-7425
This update for libxml2 fixes the following issues:

- CVE-2025-6021: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [bsc#1244580]
- CVE-2025-6170: stack buffer overflow may lead to a crash [bsc#1244700]
- CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr [bsc#1246296]
- CVE-2025-49794: heap use after free (UAF) can lead to Denial of service (DoS) [bsc#1244554]
- CVE-2025-49795: null pointer dereference may lead to Denial of service (DoS) [bsc#1244555]
- CVE-2025-49796: type confusion may lead to Denial of service (DoS) [bsc#1244557]


The following package changes have been done:

- libxml2-2-2.11.6-10.1 updated
- SL-Micro-release-6.0-25.43 updated
- container:suse-toolbox-image-1.0.0-9.27 updated