SUSE-IU-2025:3916-1: Security update of suse/sl-micro/6.0/base-os-container

[sle-container-updates at lists.suse.com]

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:3916-1
Image Tags        : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.76 , suse/sl-micro/6.0/base-os-container:latest
Image Release     : 7.76
Severity          : important
Type              : security
References        : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506
                        CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 536
Released:    Tue Dec 16 09:31:52 2025
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libpng16 fixes the following issues:

- CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480).
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157).
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158).
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159).
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160).


The following package changes have been done:

- libpng16-16-1.6.43-2.1 updated
- SL-Micro-release-6.0-25.59 updated
- container:suse-toolbox-image-1.0.0-9.52 updated