SUSE-CU-2025:8803-1: Security update of suse/sl-micro/6.0/toolbox

Tue Dec 9 16:00:19 UTC 2025

SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8803-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.49 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.49
Severity              : moderate
Type                  : security
References            : 1251305 1252974 1253757 CVE-2025-11563 CVE-2025-6075 CVE-2025-8291
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 529
Released:    Tue Dec  9 08:19:13 2025
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1253757,CVE-2025-11563
This update for curl fixes the following issues:

- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757).

-----------------------------------------------------------------
Advisory ID: 530
Released:    Tue Dec  9 08:37:33 2025
Summary:     Security update for python311
Type:        security
Severity:    moderate
References:  1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python311 fixes the following issues:

Update to 3.11.14:

- CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) is not checked by the 'zipfile' 
  module (bsc#1251305).
- CVE-2025-6075: Fixed the value passed to os.path.expandvars() is user-controlled a performance degradation
  is possible when expanding environment variables (bsc#1252974).

The following package changes have been done:

- SL-Micro-release-6.0-25.57 updated
- curl-8.14.1-2.1 updated
- libcurl-mini4-8.14.1-2.1 updated
- libpython3_11-1_0-3.11.14-1.1 updated
- python311-base-3.11.14-1.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.56 updated