SUSE-CU-2025:9150-1: Security update of suse/sle-micro/5.2/toolbox
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Dec 18 08:35:38 UTC 2025
SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:9150-1
Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.214 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.214
Severity : important
Type : security
References : 1254297 1254662 1254878 CVE-2025-13601 CVE-2025-14087 CVE-2025-14512
-----------------------------------------------------------------
The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4442-1
Released: Wed Dec 17 17:17:38 2025
Summary: Security update for glib2
Type: security
Severity: important
References: 1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
The following package changes have been done:
- libglib-2_0-0-2.62.6-150200.3.36.1 updated
- libgmodule-2_0-0-2.62.6-150200.3.36.1 updated
More information about the sle-container-updates
mailing list