SUSE-CU-2025:6521-1: Security update of suse/sl-micro/6.0/toolbox

[sle-container-updates at lists.suse.com]

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6521-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.27 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.27
Severity              : important
Type                  : security
References            : 1244554 1244555 1244557 1244580 1244700 1246296 CVE-2025-49794
                        CVE-2025-49795 CVE-2025-49796 CVE-2025-6021 CVE-2025-6170 CVE-2025-7425
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 429
Released:    Thu Aug 21 10:01:26 2025
Summary:     Security update for libxml2
Type:        security
Severity:    important
References:  1244554,1244555,1244557,1244580,1244700,1246296,CVE-2025-49794,CVE-2025-49795,CVE-2025-49796,CVE-2025-6021,CVE-2025-6170,CVE-2025-7425
This update for libxml2 fixes the following issues:

- CVE-2025-6021: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 [bsc#1244580]
- CVE-2025-6170: stack buffer overflow may lead to a crash [bsc#1244700]
- CVE-2025-7425: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr [bsc#1246296]
- CVE-2025-49794: heap use after free (UAF) can lead to Denial of service (DoS) [bsc#1244554]
- CVE-2025-49795: null pointer dereference may lead to Denial of service (DoS) [bsc#1244555]
- CVE-2025-49796: type confusion may lead to Denial of service (DoS) [bsc#1244557]


The following package changes have been done:

- SL-Micro-release-6.0-25.43 updated
- libxml2-2-2.11.6-10.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.42 updated