SUSE-CU-2025:1345-1: Security update of suse/sle-micro/5.4/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Feb 27 08:12:50 UTC 2025 

SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1345-1
Container Tags        : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.92 , suse/sle-micro/5.4/toolbox:latest
Container Release     : 5.19.92
Severity              : moderate
Type                  : security
References            : 1229685 1229822 1230078 1235695 1236151 1237137 CVE-2024-43790
                        CVE-2024-43802 CVE-2024-45306 CVE-2025-1215 CVE-2025-22134 CVE-2025-24014
-----------------------------------------------------------------

The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:724-1
Released:    Wed Feb 26 14:30:20 2025
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1229685,1229822,1230078,1235695,1236151,1237137,CVE-2024-43790,CVE-2024-43802,CVE-2024-45306,CVE-2025-1215,CVE-2025-22134,CVE-2025-24014
This update for vim fixes the following issues:

Update to version 9.1.1101:

- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
  (bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).


The following package changes have been done:

- vim-data-common-9.1.1101-150000.5.69.1 updated
- vim-9.1.1101-150000.5.69.1 updated
- xxd-9.1.1101-150000.5.69.1 updated

More information about the sle-container-updates mailing list