SUSE-CU-2025:8749-1: Security update of suse/nginx

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Dec 2 08:30:51 UTC 2025 

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8749-1
Container Tags        : suse/nginx:1.21 , suse/nginx:1.21-68.1 , suse/nginx:latest
Container Release     : 68.1
Severity              : important
Type                  : security
References            : 1154884 1154887 1180138 1197771 1229655 1230111 1233529 1245309
                        1245310 1245311 1245314 1246974 1247498 1249375 1251264 1253757
                        CVE-2019-12290 CVE-2019-18224 CVE-2025-11563 CVE-2025-4877 CVE-2025-4878
                        CVE-2025-5318 CVE-2025-5372 CVE-2025-8114 CVE-2025-8277 
-----------------------------------------------------------------

The container suse/nginx was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released:    Thu Nov 28 10:02:24 2019
Summary:     Security update for libidn2
Type:        security
Severity:    moderate
References:  1154884,1154887,CVE-2019-12290,CVE-2019-18224
This update for libidn2 to version 2.2.0 fixes the following issues:

- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released:    Tue Dec 29 12:22:01 2020
Summary:     Recommended update for libidn2
Type:        recommended
Severity:    moderate
References:  1180138
This update for libidn2 fixes the following issues:

- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
  adjusted the RPM license tags (bsc#1180138)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released:    Fri May 13 15:40:20 2022
Summary:     Recommended update for libpsl
Type:        recommended
Severity:    important
References:  1197771
This update for libpsl fixes the following issues:

- Fix libpsl compilation issues (bsc#1197771)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3589-1
Released:    Thu Oct 10 16:39:07 2024
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1230111
This update for cyrus-sasl fixes the following issues:

- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) 
  RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2229-1
Released:    Fri Jul  4 18:02:30 2025
Summary:     Security update for libssh
Type:        security
Severity:    important
References:  1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372
This update for libssh fixes the following issues:

- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2301-1
Released:    Mon Jul 14 11:48:57 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1229655
This update for cyrus-sasl fixes the following issues:

- Add Channel Binding support for GSSAPI/GSS-SPNEGO (bsc#1229655, jsc#PED-12097)
- Add support for setting max ssf 0 to GSS-SPNEGO (bsc#1229655, jsc#PED-12097).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3369-1
Released:    Fri Sep 26 12:54:43 2025
Summary:     Security update for libssh
Type:        security
Severity:    moderate
References:  1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:

- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
  repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
  (bsc#1246974).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3596-1
Released:    Wed Oct 15 09:51:21 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1251264

This update for curl fixes the following issue:

- rebuilds it against a newer nghttp2 to fix handling 2 or more whitespaces in headers. (bsc#1251264)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3934-1
Released:    Tue Nov  4 12:23:11 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1247498
This update for cyrus-sasl fixes the following issue:

- Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released:    Fri Nov 21 15:09:44 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1233529
This update for cyrus-sasl fixes the following issues:

- Python3 error log upon importing pycurl (bsc#1233529)
    * Remove senceless log message.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4300-1
Released:    Fri Nov 28 13:57:41 2025
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1253757,CVE-2025-11563
This update for curl fixes the following issues:

- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)


The following package changes have been done:

- libldap-data-2.4.46-150600.23.21 added
- libnghttp2-14-1.64.0-150700.1.5 added
- libsasl2-3-2.1.28-150600.7.14.1 added
- libssh-config-0.9.8-150600.11.6.1 added
- libunistring2-0.9.10-1.1 added
- libzstd1-1.5.7-150700.1.2 added
- libidn2-0-2.2.0-3.6.1 added
- libpsl5-0.20.1-150000.3.3.1 added
- libldap-2_4-2-2.4.46-150600.23.21 added
- libssh4-0.9.8-150600.11.6.1 added
- libcurl4-8.14.1-150700.7.5.1 added
- curl-8.14.1-150700.7.5.1 added
- container:suse-sle15-15.7-0239ca1e8fca7ab681ee473e600d3ca76b8f1c4acff6886184db8c1e0b9ebf01-0 updated

More information about the sle-container-updates mailing list