SUSE-CU-2025:160-1: Security update of containers/open-webui

sle-container-updates at lists.suse.com
Tue Jan 14 08:04:42 UTC 2025


SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:160-1
Container Tags        : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.1
Container Release     : 7.1
Severity              : important
Type                  : security
References            : 1219736 1234415 1234449 1234450 1234453 1234455 1234456 1234459
                        1234460 1235029 CVE-2024-47538 CVE-2024-47541 CVE-2024-47542
                        CVE-2024-47600 CVE-2024-47606 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835
                        CVE-2024-56826 
-----------------------------------------------------------------

The container containers/open-webui was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan  9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736
This update for permissions fixes the following issues:

- Update to version 20240826:

  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:44-1
Released:    Thu Jan  9 16:04:53 2025
Summary:     Security update for openjpeg2
Type:        security
Severity:    moderate
References:  1235029,CVE-2024-56826
This update for openjpeg2 fixes the following issues:

- CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c (bsc#1235029)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:62-1
Released:    Fri Jan 10 13:53:30 2025
Summary:     Security update for gstreamer
Type:        security
Severity:    important
References:  1234449,CVE-2024-47606
This update for gstreamer fixes the following issues:

- CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:65-1
Released:    Fri Jan 10 15:42:35 2025
Summary:     Security update for gstreamer-plugins-base
Type:        security
Severity:    important
References:  1234415,1234450,1234453,1234455,1234456,1234459,1234460,CVE-2024-47538,CVE-2024-47541,CVE-2024-47542,CVE-2024-47600,CVE-2024-47607,CVE-2024-47615,CVE-2024-47835
This update for gstreamer-plugins-base fixes the following issues:

- CVE-2024-47538: Fixed a stack buffer overflow in vorbis_handle_identification_packet. (bsc#1234415)
- CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450)
- CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 command-line tool. (bsc#1234453)
- CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
- CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459)
- CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460)
- CVE-2024-47607: Fixed a stack buffer overflow in Opus decoder. (bsc#1234455)


The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- libopenjp2-7-2.3.0-150000.3.18.1 updated
- python311-safetensors-0.4.3-150600.1.5 updated
- python311-primp-0.6.3-150600.1.4 updated
- python311-orjson-3.10.7-150600.1.5 updated
- python311-jiter-0.5.0-150600.1.4 updated
- python311-bcrypt-4.2.0-150600.1.4 updated
- libgstreamer-1_0-0-1.24.0-150600.3.3.1 updated
- gstreamer-1.24.0-150600.3.3.1 updated
- python311-pydantic-core-2.23.4-150600.1.3 updated
- python311-cryptography-43.0.1-150600.1.7 updated
- gstreamer-plugins-base-1.24.0-150600.3.8.1 updated
- libgstvideo-1_0-0-1.24.0-150600.3.8.1 updated
- python311-tiktoken-0.7.0-150600.1.4 updated
- libgsttag-1_0-0-1.24.0-150600.3.8.1 updated
- libgstaudio-1_0-0-1.24.0-150600.3.8.1 updated
- libgstapp-1_0-0-1.24.0-150600.3.8.1 updated
- python311-tokenizers-0.20.0-150600.1.4 updated
- libgstpbutils-1_0-0-1.24.0-150600.3.8.1 updated
- libgstallocators-1_0-0-1.24.0-150600.3.8.1 updated
- libgstgl-1_0-0-1.24.0-150600.3.8.1 updated
- libgstriff-1_0-0-1.24.0-150600.3.8.1 updated
- python311-open-webui-0.3.32-150600.1.33 updated
- container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated

