SUSE-CU-2025:5171-1: Security update of bci/kiwi
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Jul 10 11:21:10 UTC 2025
SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5171-1
Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-16.27 , bci/kiwi:latest
Container Release : 16.27
Severity : low
Type : security
References : 1236931 1239119 1239817 CVE-2025-30258
-----------------------------------------------------------------
The container bci/kiwi was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2259-1
Released: Wed Jul 9 17:18:02 2025
Summary: Recommended update for gpg2
Type: security
Severity: low
References: 1236931,1239119,1239817,CVE-2025-30258
This update for gpg2 fixes the following issues:
- CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119).
Other bugfixes:
- Do not install expired sks certificate (bsc#1243069).
- gpg hangs when importing a key (bsc#1236931).
The following package changes have been done:
- libxml2-2-2.12.10-150700.4.3.1 updated
- gpg2-2.4.4-150600.3.9.1 updated
- container:registry.suse.com-bci-bci-base-15.7-cfc2f2fd66efaa6058f3f88b16760a1de5ba1364b9bd73c61bea37a37a6fc8e6-0 updated
More information about the sle-container-updates
mailing list