SUSE-CU-2025:8887-1: Security update of private-registry/harbor-db
sle-container-updates at lists.suse.com
Fri Dec 12 08:11:09 UTC 2025
SUSE Container Update Advisory: private-registry/harbor-db
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8887-1
Container Tags : private-registry/harbor-db:2.13 , private-registry/harbor-db:2.13.2 , private-registry/harbor-db:2.13.2-4.12 , private-registry/harbor-db:2.13.2_git56172457 , private-registry/harbor-db:2.13.2_git56172457-4.12 , private-registry/harbor-db:latest
Container Release : 4.12
Severity : important
Type : security
References : 1154884 1154887 1175825 1180138 1197771 1227888 1228260 1228535
1230093 1230516 1232528 1234068 1235151 1236588 1236589 1236590
1243397 1243706 1243933 1245309 1245310 1245311 1245314 1246197
1246197 1246974 1249191 1249191 1249348 1249348 1249367 1249367
1249375 1253332 1253333 1253757 CVE-2019-12290 CVE-2019-18224
CVE-2020-8927 CVE-2024-11053 CVE-2024-6197 CVE-2024-6874 CVE-2024-7264
CVE-2024-8096 CVE-2024-9681 CVE-2025-0167 CVE-2025-0665 CVE-2025-0725
CVE-2025-10148 CVE-2025-10148 CVE-2025-11563 CVE-2025-12817 CVE-2025-12818
CVE-2025-4877 CVE-2025-4878 CVE-2025-4947 CVE-2025-5025 CVE-2025-5318
CVE-2025-5372 CVE-2025-5399 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086
CVE-2025-9086
-----------------------------------------------------------------
The container private-registry/harbor-db was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2019:3086-1
Released: Thu Nov 28 10:02:24 2019
Summary: Security update for libidn2
Type: security
Severity: moderate
References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224
This update for libidn2 to version 2.2.0 fixes the following issues:
- CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
- CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3942-1
Released: Tue Dec 29 12:22:01 2020
Summary: Recommended update for libidn2
Type: recommended
Severity: moderate
References: 1180138
This update for libidn2 fixes the following issues:
- The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later,
adjusted the RPM license tags (bsc#1180138)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3942-1
Released: Mon Dec 6 14:46:05 2021
Summary: Security update for brotli
Type: security
Severity: moderate
References: 1175825,CVE-2020-8927
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2784-1
Released: Tue Aug 6 14:58:38 2024
Summary: Security update for curl
Type: security
Severity: important
References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535)
- CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3204-1
Released: Wed Sep 11 10:55:22 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1230093,CVE-2024-8096
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3476-1
Released: Fri Sep 27 15:16:38 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516
This update for curl fixes the following issue:
- Make special characters in URL work with aws-sigv4 (bsc#1230516).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed leak of the password used for the first host to the followed-to host under certain circumstances (bsc#1234068)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151
This update for curl fixes the following issue:
- smtp: for starttls, do full upgrade [bsc#1235151]
* Make sure the TLS handshake after a successful STARTTLS command
is fully done before further sending/receiving on the connection.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:369-1
Released: Wed Feb 5 16:32:36 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1236588,1236590,CVE-2025-0167,CVE-2025-0725
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2229-1
Released: Fri Jul 4 18:02:30 2025
Summary: Security update for libssh
Type: security
Severity: important
References: 1245309,1245310,1245311,1245314,CVE-2025-4877,CVE-2025-4878,CVE-2025-5318,CVE-2025-5372
This update for libssh fixes the following issues:
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3198-1
Released: Fri Sep 12 14:15:08 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086
This update for curl fixes the following issues:
Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
Security issues fixed:
- CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589).
- CVE-2025-4947: QUIC certificate check is skipped with wolfSSL, which allows for MITM attacks (bsc#1243397).
- CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not
easily noticed (bsc#1243706).
- CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing
specially crafted packets (bsc#1243933).
- CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN
backend (bsc#1228260).
- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix wrong return code when --retry is used (bsc#1249367).
* tool_operate: fix return code when --retry is used but not triggered [b42776b]
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Fixed with version 8.14.1:
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released: Thu Sep 18 13:08:10 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3369-1
Released: Fri Sep 26 12:54:43 2025
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4236-1
Released: Tue Nov 25 17:02:19 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1253757,CVE-2025-11563
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4363-1
Released: Thu Dec 11 11:10:57 2025
Summary: Security update for postgresql17, postgresql18
Type: security
Severity: important
References: 1253332,1253333,CVE-2025-12817,CVE-2025-12818
This update for postgresql17, postgresql18 fixes the following issues:
Changes in postgresql18:
- Fix build with uring for post SLE15 code streams.
Update to 18.1:
* https://www.postgresql.org/about/news/p-3171/
* https://www.postgresql.org/docs/release/18.1/
* bsc#1253332, CVE-2025-12817: Missing check for CREATE
privileges on the schema in CREATE STATISTICS allowed table
owners to create statistics in any schema, potentially leading
to unexpected naming conflicts.
* bsc#1253333, CVE-2025-12818: Several places in libpq were not
sufficiently careful about computing the required size of a
memory allocation. Sufficiently large inputs could cause
integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer.
- pg_config --libs returns -lnuma so we need to require it.
Update to 18.0:
* https://www.postgresql.org/about/news/p-3142/
* https://www.postgresql.org/docs/18/release-18.html
Changes in postgresql17:
Update to 17.7:
* https://www.postgresql.org/about/news/p-3171/
* https://www.postgresql.org/docs/release/17.7/
* bsc#1253332, CVE-2025-12817: Missing check for CREATE
privileges on the schema in CREATE STATISTICS allowed table
owners to create statistics in any schema, potentially leading
to unexpected naming conflicts.
* bsc#1253333, CVE-2025-12818: Several places in libpq were not
sufficiently careful about computing the required size of a
memory allocation. Sufficiently large inputs could cause
integer overflow, resulting in an undersized buffer, which
would then lead to writing past the end of the buffer.
- switch library to pg 18
The following package changes have been done:
- libbrotlicommon1-1.0.7-150200.3.5.1 added
- libnghttp2-14-1.40.0-150600.23.2 added
- libssh-config-0.9.8-150600.11.6.1 added
- libunistring2-0.9.10-1.1 added
- libbrotlidec1-1.0.7-150200.3.5.1 added
- libidn2-0-2.2.0-3.6.1 added
- libpsl5-0.20.1-150000.3.3.1 added
- libssh4-0.9.8-150600.11.6.1 added
- libcurl4-8.14.1-150600.4.31.1 added
- libpq5-18.1-150600.13.3.1 updated
- postgresql-18-150600.17.9.1 updated
- postgresql17-17.7-150600.13.19.1 updated
- postgresql-server-18-150600.17.9.1 updated
- postgresql17-server-17.7-150600.13.19.1 updated
- harbor213-db-2.13.2_git56172457-150600.1.6 updated