SUSE-CU-2025:8854-1: Security update of bci/spack

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Dec 11 08:41:44 UTC 2025 

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8854-1
Container Tags        : bci/spack:0.23 , bci/spack:0.23.1 , bci/spack:0.23.1-11.90
Container Release     : 11.90
Severity              : moderate
Type                  : security
References            : 1233529 1249055 1253757 1254132 CVE-2025-11563 CVE-2025-7039
                        CVE-2025-9820 
-----------------------------------------------------------------

The container bci/spack was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4155-1
Released:    Fri Nov 21 15:09:44 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1233529
This update for cyrus-sasl fixes the following issues:

- Python3 error log upon importing pycurl (bsc#1233529)
    * Remove senceless log message.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4236-1
Released:    Tue Nov 25 17:02:19 2025
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1253757,CVE-2025-11563
This update for curl fixes the following issues:

- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4308-1
Released:    Fri Nov 28 16:38:46 2025
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1249055,CVE-2025-7039
This update for glib2 fixes the following issues:

- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4323-1
Released:    Mon Dec  8 19:14:15 2025
Summary:     Security update for gnutls
Type:        security
Severity:    moderate
References:  1254132,CVE-2025-9820
This update for gnutls fixes the following issues:

- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)


The following package changes have been done:

- libsasl2-3-2.1.28-150600.7.14.1 updated
- libudev1-254.27-150600.4.46.2 updated
- libgmodule-2_0-0-2.78.6-150600.4.22.1 updated
- libgobject-2_0-0-2.78.6-150600.4.22.1 updated
- libgnutls30-3.8.3-150600.4.12.1 updated
- libgio-2_0-0-2.78.6-150600.4.22.1 updated
- glib2-tools-2.78.6-150600.4.22.1 updated
- libcurl-devel-8.14.1-150600.4.31.1 updated
- container:registry.suse.com-bci-bci-base-15.6-61e26faec277a8df0c18d0060ab940d52bca044a699ae7c878319152ed1396fb-0 updated

More information about the sle-container-updates mailing list