SUSE-CU-2025:8800-1: Security update of containers/vllm-openai
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Dec 9 15:53:31 UTC 2025
SUSE Container Update Advisory: containers/vllm-openai
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8800-1
Container Tags : containers/vllm-openai:0 , containers/vllm-openai:0.9.1 , containers/vllm-openai:0.9.1-3.40
Container Release : 3.40
Severity : important
Type : security
References : 1040589 1212476 1216545 1218588 1218664 1224386 1226308 1232526
1233529 1236632 1236976 1236977 1236978 1236999 1237000 1237001
1237003 1237005 1237018 1237019 1237020 1237021 1237042 1237236
1237240 1237241 1237242 1238491 1239566 1239896 1239938 1240788
1240870 1241219 1241916 1243197 1243756 1243760 1243794 1243958
1243991 1244050 1245199 1245938 1245939 1245942 1245943 1245946
1246481 1246486 1247105 1247114 1247117 1247498 1247589 1247985
1248278 1248461 1248501 1249055 1249584 1250232 1250232 1250413
1250632 1251137 1251275 1251276 1251277 1251305 1251794 1251795
1252148 1252160 1252974 1253757 1254132 CVE-2025-0840 CVE-2025-11083
CVE-2025-11412 CVE-2025-11413 CVE-2025-11414 CVE-2025-1147 CVE-2025-1148
CVE-2025-1149 CVE-2025-11494 CVE-2025-11495 CVE-2025-1150 CVE-2025-1151
CVE-2025-1152 CVE-2025-1153 CVE-2025-11563 CVE-2025-1176 CVE-2025-1178
CVE-2025-1179 CVE-2025-1180 CVE-2025-1181 CVE-2025-1182 CVE-2025-1352
CVE-2025-1372 CVE-2025-1376 CVE-2025-1377 CVE-2025-27613 CVE-2025-27614
CVE-2025-30348 CVE-2025-3198 CVE-2025-3576 CVE-2025-46835 CVE-2025-48384
CVE-2025-48385 CVE-2025-50422 CVE-2025-5244 CVE-2025-5245 CVE-2025-5455
CVE-2025-59375 CVE-2025-59728 CVE-2025-6075 CVE-2025-7039 CVE-2025-7545
CVE-2025-7546 CVE-2025-7700 CVE-2025-8224 CVE-2025-8225 CVE-2025-8291
CVE-2025-8851 CVE-2025-9230 CVE-2025-9230 CVE-2025-9301 CVE-2025-9820
CVE-2025-9900
-----------------------------------------------------------------
The container containers/vllm-openai was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3012-1
Released: Fri Aug 29 02:07:38 2025
Summary: security update for git, git-lfs, obs-scm-bridge, python-PyYAML
Type: security
Severity: important
References: 1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues:
git was updated from version 2.43.0 to 2.51.0 (bsc#1243197):
- Security issues fixed:
* CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938)
* CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939)
* CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942)
* CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943)
* CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946)
- Other changes and bugs fixed:
- Other changes and bugs fixed:
* Added SHA256 support (bsc#1243197)
* Git moved to /usr/libexec/git/git and updated AppArmor profile
accordingly (bsc#1218588)
* gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664)
* Do not replace apparmor configuration (bsc#1216545)
* Fixed the Python version required (bsc#1212476)
- Version Updates Release Notes:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc
git-lfs is included in version 3.7.0.
python-PyYAML was updated from version 6.0.1 to 6.0.2:
- Added support for Cython 3.x and Python 3.13
obs-scm-bridge was updated from version 0.5.4 to 0.7.4:
- New Features and Improvements:
* Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs`
file.
* Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary
files.
* Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch
during checkout.
* Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources.
* SSH URL Support: ssh:// SCM URLs can now be used.
* Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved.
* Standardized Config Location: In project mode, the _config file is now always located in the top-level directory,
even when using subdirs.
* Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided.
* Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled.
* Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo.
- Bugs fixed:
* Syntax Fix: A syntax issue was corrected.
* Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and
tabs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3442-1
Released: Tue Sep 30 16:54:04 2025
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3443-1
Released: Tue Sep 30 16:54:54 2025
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3449-1
Released: Thu Oct 2 09:15:17 2025
Summary: Security update for cairo
Type: security
Severity: low
References: 1247589,CVE-2025-50422
This update for cairo fixes the following issues:
- CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589)
- Update to version 1.18.4:
+ The dependency on LZO has been made optional through a build
time configuration toggle.
+ You can build Cairo against a Freetype installation that does
not have the FT_Color type.
+ Cairo tests now build on Solaris 11.4 with GCC 14.
+ The DirectWrite backend now builds on MINGW 11.
+ The DirectWrite backend now supports font variations and proper
glyph coverage.
- Use tarball in lieu of source service due to freedesktop gitlab
migration, will switch back at next release at the latest.
- Add pkgconfig(lzo2) BuildRequires: New optional dependency, build
lzo2 support feature.
- Convert to source service: allows for easier upgrades by the
GNOME team.
- Update to version 1.18.2:
+ The malloc-stats code has been removed from the tests directory
+ Cairo now requires a version of pixman equal to, or newer than,
0.40.
+ There have been multiple build fixes for newer versions of GCC
for MSVC; for Solaris; and on macOS 10.7.
+ PNG errors caused by loading malformed data are correctly
propagated to callers, so they can handle the case.
+ Both stroke and fill colors are now set when showing glyphs on
a PDF surface.
+ All the font options are copied when creating a fallback font
object.
+ When drawing text on macOS, Cairo now tries harder to select
the appropriate font name.
+ Cairo now prefers the COLRv1 table inside a font, if one is
available.
+ Cairo requires a C11 toolchain when building.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3624-1
Released: Thu Oct 16 21:59:19 2025
Summary: Security update for expat
Type: security
Severity: important
References: 1249584,CVE-2025-59375
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3699-1
Released: Tue Oct 21 12:07:47 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1241219,CVE-2025-3576
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3715-1
Released: Wed Oct 22 09:11:23 2025
Summary: Security update for ffmpeg-4
Type: security
Severity: important
References: 1226308,1251137,CVE-2025-59728,CVE-2025-7700
This update for ffmpeg-4 fixes the following issues:
- CVE-2025-59728: allocated space for the appended '/' (bsc#1251137)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3723-1
Released: Wed Oct 22 13:22:09 2025
Summary: Security update for libqt5-qtbase
Type: security
Severity: moderate
References: 1239896,1243958,CVE-2025-30348,CVE-2025-5455
This update for libqt5-qtbase fixes the following issues:
Security issues fixed:
- CVE-2025-5455: processing of malformed data in `qDecodeDataUrl()` can trigger assertion and cause a crash
(bsc#1243958).
- CVE-2025-30348: complex algorithm used in `encodeText` in QDom when processing XML data can cause low performance
(bsc#1239896).
Other issues fixed:
- Initialize a member variable in `QObjectPrivate::Signal` that was uninitialized under some circumstances.
- Fix a crash when parsing a particular glyph in a particular font.
- Avoid repeatedly registering xsettings callbacks when switching cursor themes.
- Check validity of RandR output info before using it.
- Fix reparenting a window so it takes effect even if there are no other state changes to the window.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3812-1
Released: Mon Oct 27 17:13:21 2025
Summary: Security update for cmake
Type: security
Severity: low
References: 1248461,CVE-2025-9301
This update for cmake fixes the following issues:
- CVE-2025-9301: Fixed assertion failure due to improper validation (bsc#1248461)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:
- Fix histfile missing timestamp for the oldest record (bsc#1245199)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3877-1
Released: Fri Oct 31 05:29:41 2025
Summary: Recommended update for libselinux
Type: recommended
Severity: important
References: 1252160
This update for libselinux fixes the following issues:
- Ship license file (bsc#1252160)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3930-1
Released: Tue Nov 4 09:26:22 2025
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1232526,1238491,1239566,1239938,1240788,1243794,1243991,1244050
This update for gcc15 fixes the following issues:
This update ships the GNU Compiler Collection GCC 15.2. (jsc#PED-12029)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 14 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP6 and SP7, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc15 compilers use:
- install 'gcc15' or 'gcc15-c++' or one of the other 'gcc15-COMPILER' frontend packages.
- override your Makefile to use CC=gcc15, CXX=g++15 and similar overrides for the other languages.
For a full changelog with all new GCC15 features, check out
https://gcc.gnu.org/gcc-15/changes.html
Update to GCC 15.2 release:
* the GCC 15.2 release contains regression fixes accumulated since
the GCC 15.1 release
- Prune the use of update-alternatives from openSUSE Factory and
SLFO.
- Adjust crosses to conflict consistently where they did not
already and make them use unsuffixed binaries.
- Tune for power10 for SLES 16. [jsc#PED-12029]
- Tune for z15 for SLES 16. [jsc#PED-253]
- Fix PR120827, ICE due to splitter emitting constant loads directly
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc15-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Enable C++ for offload compilers. [bsc#1243794]
- Add libgcobol and libquadmath-devel dependence to the cobol frontend
package.
Update to GCC 15 branch head, 15.1.1+git9595
* includes GCC 15.1 release
- Enable gfx9-generic, gfx10-3-generic and gfx11-generic multilibs
for the AMD GCN offload compiler when llvm is new enough.
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Fix newlib libm miscompilation for GCN offloading.
Update to GCC trunk head, 15.0.1+git9001
* includes -msplit-patch-nops required for user-space livepatching
on powerpc
* includes fix for Ada build with --enable-host-pie
- Build GCC executables PIE on SLE. [bsc#1239938]
- Includes change to also record -D_FORTIFY_SOURCE=2 in the DWARF
debug info DW_AT_producer string. [bsc#1239566]
- Package GCC COBOL compiler for openSUSE Factory for supported
targets which are x86_64, aarch64 and ppc64le.
- Disable profiling during build when %want_reproducible_builds is set
[bsc#1238491]
- Includes fix for emacs JIT use
- Bumps libgo SONAME to libgo24 which should fix go1.9 build
- Adjust cross compiler requirements to use %requires_ge
- For cross compilers require the same or newer binutils, newlib
or cross-glibc that was used at build time. [bsc#1232526]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3934-1
Released: Tue Nov 4 12:23:11 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1247498
This update for cyrus-sasl fixes the following issue:
- Replace insecure MD5 with ephemeral HMAC-SHA256 (bsc#1247498).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3957-1
Released: Wed Nov 5 16:45:18 2025
Summary: Security update for tiff
Type: security
Severity: important
References: 1248278,1250413,CVE-2025-8851,CVE-2025-9900
This update for tiff fixes the following issues:
Update to 4.7.1:
- CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278).
- CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc#1250413).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3982-1
Released: Thu Nov 6 19:21:10 2025
Summary: Recommended update for lcms2
Type: recommended
Severity: moderate
References: 1247985
This update for lcms2 fixes the following issue:
- Enable threads support and avoid linker errors (bsc#1247985).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4096-1
Released: Fri Nov 14 09:07:33 2025
Summary: Security update for binutils
Type: security
Severity: important
References: 1040589,1236632,1236976,1236977,1236978,1236999,1237000,1237001,1237003,1237005,1237018,1237019,1237020,1237021,1237042,1240870,1241916,1243756,1243760,1246481,1246486,1247105,1247114,1247117,1250632,1251275,1251276,1251277,1251794,1251795,CVE-2025-0840,CVE-2025-11083,CVE-2025-11412,CVE-2025-11413,CVE-2025-11414,CVE-2025-1147,CVE-2025-1148,CVE-2025-1149,CVE-2025-11494,CVE-2025-11495,CVE-2025-1150,CVE-2025-1151,CVE-2025-1152,CVE-2025-1153,CVE-2025-1176,CVE-2025-1178,CVE-2025-1179,CVE-2025-1180,CVE-2025-1181,CVE-2025-1182,CVE-2025-3198,CVE-2025-5244,CVE-2025-5245,CVE-2025-7545,CVE-2025-7546,CVE-2025-8224,CVE-2025-8225
This update for binutils fixes the following issues:
- Do not enable '-z gcs=implicit' on aarch64 for old codestreams.
Update to version 2.45:
* New versioned release of libsframe.so.2
* s390: tools now support SFrame format 2; recognize 'z17' as CPU
name [bsc#1247105, jsc#IBM-1485]
* sframe sections are now of ELF section type SHT_GNU_SFRAME.
* sframe secions generated by the assembler have
SFRAME_F_FDE_FUNC_START_PCREL set.
* riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0,
Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0,
ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0,
sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0,
zclsd v1.0, smrnmi v1.0;
vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0;
SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0;
T-Head: xtheadvdot v1.0;
MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0.
* Support RISC-V privileged version 1.13, profiles 20/22/23, and
.bfloat16 directive.
* x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS,
AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX.
Drop support for AVX10.2 256 bit rounding.
* arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and
extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui',
'+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2',
'+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'.
* Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)'
are now being made available.
* Add .errif and .warnif directives.
* linker:
- Add --image-base=<ADDR> option to the ELF linker to behave the same
as -Ttext-segment for compatibility with LLD.
- Add support for mixed LTO and non-LTO codes in relocatable output.
- s390: linker generates .eh_frame and/or .sframe for linker
generated .plt sections by default (can be disabled
by --no-ld-generated-unwind-info).
- riscv: add new PLT formats, and GNU property merge rules for zicfiss
and zicfilp extensions.
- gold is no longer included
- Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md):
* bsc#1236632 aka CVE-2025-0840 aka PR32650
* bsc#1236977 aka CVE-2025-1149 aka PR32576
* bsc#1236978 aka CVE-2025-1148 aka PR32576
* bsc#1236999 aka CVE-2025-1176 aka PR32636
* bsc#1237000 aka CVE-2025-1153 aka PR32603
* bsc#1237001 aka CVE-2025-1152 aka PR32576
* bsc#1237003 aka CVE-2025-1151 aka PR32576
* bsc#1237005 aka CVE-2025-1150 aka PR32576
* bsc#1237018 aka CVE-2025-1178 aka PR32638
* bsc#1237019 aka CVE-2025-1181 aka PR32643
* bsc#1237020 aka CVE-2025-1180 aka PR32642
* bsc#1237021 aka CVE-2025-1179 aka PR32640
* bsc#1237042 aka CVE-2025-1182 aka PR32644
* bsc#1240870 aka CVE-2025-3198 aka PR32716
* bsc#1243756 aka CVE-2025-5244 aka PR32858
* bsc#1243760 aka CVE-2025-5245 aka PR32829
* bsc#1246481 aka CVE-2025-7545 aka PR33049
* bsc#1246486 aka CVE-2025-7546 aka PR33050
* bsc#1247114 aka CVE-2025-8224 aka PR32109
* bsc#1247117 aka CVE-2025-8225 no PR
- Add these backport patches:
* bsc#1236976 aka CVE-2025-1147 aka PR32556
* bsc#1250632 aka CVE-2025-11083 aka PR33457
* bsc#1251275 aka CVE-2025-11412 aka PR33452
* bsc#1251276 aka CVE-2025-11413 aka PR33456
* bsc#1251277 aka CVE-2025-11414 aka PR33450
* bsc#1251794 aka CVE-2025-11494 aka PR33499
* bsc#1251795 aka CVE-2025-11495 aka PR33502
- Skip PGO with %want_reproducible_builds (bsc#1040589)
- Fix crash in assembler with -gdwarf-5
- aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size
- Add -std=gnu17 to move gcc15 forward, as temporary measure until
the binutils version can be updated [bsc#1241916].
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4118-1
Released: Mon Nov 17 09:06:55 2025
Summary: Recommended update for freetype2
Type: recommended
Severity: important
References: 1252148
This update for freetype2 fixes the following issues:
- Fix the %licence tag (bsc#1252148)
* package FTL.TXT and GPLv2.TXT as %license
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4138-1
Released: Wed Nov 19 11:15:12 2025
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1224386,1248501
This update for systemd fixes the following issues:
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
already available in %pre. This is important because D-Bus automatically
reloads its configuration whenever new configuration files are installed,
i.e. between %pre and %post. (bsc#1248501)
No needs for systemd and udev packages as they are always installed during
the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and
systemd-resolved (bsc#1224386 jsc#PED-12669)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released: Fri Nov 21 15:09:44 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1233529
This update for cyrus-sasl fixes the following issues:
- Python3 error log upon importing pycurl (bsc#1233529)
* Remove senceless log message.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4092-1
Released: Mon Nov 24 10:08:22 2025
Summary: Security update for elfutils
Type: security
Severity: moderate
References: 1237236,1237240,1237241,1237242,CVE-2025-1352,CVE-2025-1372,CVE-2025-1376,CVE-2025-1377
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4236-1
Released: Tue Nov 25 17:02:19 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4297-1
Released: Fri Nov 28 11:03:19 2025
Summary: Security update for python311
Type: security
Severity: low
References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python311 fixes the following issues:
Update to 3.11.14:
- CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974)
- CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4308-1
Released: Fri Nov 28 16:38:46 2025
Summary: Security update for glib2
Type: security
Severity: moderate
References: 1249055,CVE-2025-7039
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4323-1
Released: Mon Dec 8 19:14:15 2025
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1254132,CVE-2025-9820
This update for gnutls fixes the following issues:
- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
The following package changes have been done:
- libgcc_s1-15.2.0+git10201-150000.1.3.3 updated
- libselinux1-3.5-150600.3.3.1 updated
- libstdc++6-15.2.0+git10201-150000.1.3.3 updated
- libreadline7-7.0-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bash-sh-4.4-150400.27.6.1 updated
- libalternatives1-1.2+30.a5431e9-150600.1.15 updated
- libatomic1-15.2.0+git10201-150000.1.3.3 updated
- libexpat1-2.7.1-150400.3.31.1 updated
- libglib-2_0-0-2.78.6-150600.4.22.1 updated
- libglog2-0.7.1-150600.1.1 added
- libgomp1-15.2.0+git10201-150000.1.3.3 updated
- libitm1-15.2.0+git10201-150000.1.3.3 updated
- liblcms2-2-2.15-150600.3.3.2 updated
- liblsan0-15.2.0+git10201-150000.1.3.3 updated
- libquadmath0-15.2.0+git10201-150000.1.3.3 updated
- libsasl2-3-2.1.28-150600.7.14.1 updated
- libsqlite3-0-3.50.4-150600.1.2 updated
- libtbb12-2022.2.0-150600.1.2 updated
- libubsan1-15.2.0+git10201-150000.1.3.3 updated
- libudev1-254.27-150600.4.46.2 updated
- libutf8_range-29_3_0-29.3-150600.3.2 updated
- libutf8proc3-2.11.0-150600.1.1 added
- libyaml-0-2-0.2.5-150600.1.2 updated
- libzstd1-1.5.6-150600.1.11 updated
- alts-1.2+30.a5431e9-150600.1.15 updated
- libgobject-2_0-0-2.78.6-150600.4.22.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.22.1 updated
- libgfortran5-15.2.0+git10201-150000.1.3.3 updated
- libprotobuf29_3_0-29.3-150600.3.2 updated
- libpng16-16-1.6.44-150600.1.2 updated
- libelf1-0.185-150400.5.8.3 updated
- libctf-nobfd0-2.45-150100.7.57.1 updated
- libtiff6-4.7.1-150600.3.23.1 updated
- libnvjitlink-devel-12-8-12.8.93-150600.5.2 updated
- cuda-nvrtc-devel-12-8-12.8.93-150600.5.2 updated
- libsystemd0-254.27-150600.4.46.2 updated
- libfreetype6-2.10.4-150000.4.25.1 updated
- libdw1-0.185-150400.5.8.3 updated
- nccl-2.28.11-150600.1.10 updated
- libQt5Core5-5.15.12+kde151-150600.3.9.1 updated
- libctf0-2.45-150100.7.57.1 updated
- binutils-2.45-150100.7.57.1 updated
- libgio-2_0-0-2.78.6-150600.4.22.1 updated
- glib2-tools-2.78.6-150600.4.22.1 updated
- libarrow2000-20.0.0-150600.1.1 added
- libzstd-devel-1.5.6-150600.1.11 updated
- libQt5Test5-5.15.12+kde151-150600.3.9.1 updated
- libQt5DBus5-5.15.12+kde151-150600.3.9.1 updated
- libgnutls30-3.8.3-150600.4.12.1 updated
- libcairo2-1.18.4-150600.3.3.1 updated
- libarrow_acero2000-20.0.0-150600.1.1 added
- libavutil56_70-4.4.6-150600.13.33.1 updated
- libswscale5_9-4.4.6-150600.13.33.1 updated
- libswresample3_9-4.4.6-150600.13.33.1 updated
- libopenssl3-3.1.4-150600.5.39.1 updated
- libopenssl1_1-1.1.1w-150600.5.18.1 updated
- libavcodec58_134-4.4.6-150600.13.33.1 updated
- openssl-3-3.1.4-150600.5.39.1 updated
- libthrift-0_17_0-0.17.0-150600.1.17 updated
- krb5-1.20.1-150600.11.14.1 updated
- libparquet2000-20.0.0-150600.1.1 added
- libarrow_flight2000-20.0.0-150600.1.1 added
- libarrow_dataset2000-20.0.0-150600.1.1 added
- libcurl4-8.14.1-150600.4.31.1 updated
- libavformat58_76-4.4.6-150600.13.33.1 updated
- python311-base-3.11.14-150600.3.38.1 updated
- libpython3_11-1_0-3.11.14-150600.3.38.1 updated
- cmake-full-3.28.3-150600.3.3.1 updated
- python311-3.11.14-150600.3.38.1 updated
- cmake-3.28.3-150600.3.3.1 updated
- python311-xxhash-3.5.0-150600.1.2 updated
- python311-wrapt-1.16.0-150600.1.15 updated
- python311-uvloop-0.21.0-150600.1.5 updated
- python311-typing_extensions-4.15.0-150600.1.1 updated
- python311-triton-3.3.1-150600.1.13 updated
- python311-sentencepiece-0.2.0-150600.1.3 updated
- python311-safetensors-0.4.3-150600.1.26 updated
- python311-rpds-py-0.7.1-150600.1.26 updated
- python311-regex-2024.5.15-150600.1.16 updated
- python311-pytrec-eval-terrier-0.5.7-150600.1.2 updated
- python311-psutil-7.0.0-150600.1.2 updated
- python311-protobuf-5.29.3-150600.3.4 updated
- python311-propcache-0.2.0-150600.1.11 updated
- python311-platformdirs-4.3.8-150600.1.1 updated
- python311-outlines-core-0.2.11~0-150600.1.3 updated
- python311-opentelemetry-semantic-conventions-ai-0.4.9-150600.1.2 updated
- python311-ninja-1.11.1.4-150600.1.2 updated
- python311-llvmlite-0.44.0-150600.1.2 updated
- python311-jiter-0.5.0-150600.1.25 updated
- python311-grpcio-1.69.0-150600.1.12 updated
- python311-executing-2.2.0-150600.1.1 updated
- python311-devel-3.11.14-150600.3.38.1 updated
- python311-debugpy-1.8.14-150600.1.3 updated
- python311-certifi-2024.7.4-150600.1.60 updated
- python311-cchardet-2.1.19-150600.1.58 updated
- python311-blake3-1.0.5-150600.1.5 updated
- python311-bcrypt-5.0.0-150600.1.1 updated
- python311-annotated-doc-0.0.3-150600.1.1 added
- python311-aiohappyeyeballs-2.6.1-150600.1.2 updated
- python311-PyYAML-6.0.2-150600.10.3.1 updated
- libQt5Network5-5.15.12+kde151-150600.3.9.1 updated
- python311-pydantic-core-2.39.0-150600.1.1 updated
- python311-cffi-1.17.0-150600.1.18 updated
- python311-Pillow-11.3.0-150600.1.4 updated
- python311-scipy-1.14.1-150600.1.66 updated
- python311-pyarrow-20.0.0-150600.1.2 updated
- python311-llguidance-1.1.1-150600.1.4 updated
- python311-yarl-1.18.3-150600.1.11 updated
- python311-googleapis-common-protos-1.72.0-150600.1.1 updated
- python311-aiosignal-1.4.0-150600.1.1 updated
- python311-uvicorn-0.38.0-150600.1.1 updated
- python311-gguf-0.17.1-150600.1.2 updated
- libQt5Gui5-5.15.12+kde151-150600.3.9.1 updated
- python311-pydantic-2.11.9-150600.1.1 updated
- python311-pandas-2.2.3-150600.1.80 updated
- python311-cryptography-43.0.1-150600.1.28 updated
- python311-rich-14.0.0-150600.1.2 updated
- python311-watchfiles-1.1.0-150600.1.4 updated
- python311-aiohttp-3.12.15-150600.1.2 updated
- python311-numba-0.61.2-150600.1.2 updated
- libQt5Widgets5-5.15.12+kde151-150600.3.9.1 updated
- python311-lm-format-enforcer-0.10.11-150600.1.2 updated
- python311-fastapi-0.120.2-150600.1.1 updated
- libQt5OpenGL5-5.15.12+kde151-150600.3.9.1 updated
- python311-requests-2.32.5-150600.1.1 updated
- python311-tiktoken-0.7.0-150600.1.27 updated
- python311-prometheus-fastapi-instrumentator-7.1.0-150600.1.2 updated
- python311-google-genai-1.53.0-150600.1.1 updated
- python311-huggingface-hub-0.34.0-150600.1.1 updated
- python311-msgspec-0.18.6-150600.1.2 updated
- python311-xformers-cuda-0.0.31-150600.1.22 updated
- python311-torchvision-cuda-0.22.0-150600.1.3 updated
- python311-torchaudio-cuda-2.7.0-150600.1.20 updated
- python311-matplotlib-3.9.0-150600.1.15 updated
- python311-polars-1.32.0-150600.1.5 updated
- python311-xgrammar-0.1.21-150600.1.18 updated
- python311-torch-cuda-2.8.0-150600.2.10 updated
- python311-torch-2.8.0-150600.2.2 updated
- python311-torch-cuda-devel-2.8.0-150600.2.10 updated
- python311-scikit-learn-1.5.1-150600.1.71 updated
- python311-sentence-transformers-5.1.2-150600.1.1 updated
- python311-vllm-cuda-0.9.1-150600.1.6 updated
- container:registry.suse.com-bci-bci-micro-15.6-d3c5ecb6881715ec325e80a122b8b0b1d5474f481cd467ef6f41e4c0ff44fe5f-0 updated
- libarrow1700-17.0.0-150600.2.24 removed
- libarrow_acero1700-17.0.0-150600.2.24 removed
- libarrow_dataset1700-17.0.0-150600.2.24 removed
- libarrow_flight1700-17.0.0-150600.2.24 removed
- libgflags2_2-2.2.2-150600.1.12 removed
- libglog-4-0-0.4.0-150600.1.12 removed
- libnuma1-2.0.14.20.g4ee5e0c-150400.1.24 removed
- libparquet1700-17.0.0-150600.2.24 removed
- libutf8proc2-2.8.0-150600.1.3 removed
More information about the sle-container-updates
mailing list