SUSE-IU-2025:3920-1: Security update of suse/sl-micro/6.1/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Dec 16 14:14:03 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:3920-1
Image Tags        : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.58 , suse/sl-micro/6.1/base-os-container:latest
Image Release     : 5.58
Severity          : important
Type              : security
References        : 1242631 1254157 1254158 1254159 1254160 1254480 CVE-2025-3416
                        CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018 CVE-2025-66293
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 354
Released:    Tue Dec 16 09:24:29 2025
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1242631,1254157,1254158,1254159,1254160,1254480,CVE-2025-3416,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libpng16 fixes the following issues:

- CVE-2025-66293: Fixed out-of-bounds read in png_image_read_composite (bsc#1254480).
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157).
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158).
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159).
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160).


The following package changes have been done:

- libpng16-16-1.6.43-slfo.1.1_2.1 updated
- SL-Micro-release-6.1-slfo.1.11.71 updated
- container:suse-toolbox-image-1.0.0-4.92 updated

More information about the sle-container-updates mailing list